Delivery  season 


Clear  Choice  Test  Backup  tools 


Shiny,  happy  teleworkers 


The  U.S.  Postal  Service  has  deployed  a  massive 
VPN  with  the  help  of  multiple  outsource  providers 
and  strategic  contract  management.  PAGE  9. 


We  put  nine  backup  and  restore  tools  to  the  test  and  discovered 
that  the  entire  class  of  products  has  gained  sophistication. 
However,  Symantec’s  Backup  Exec  stands  out.  PAGE  26. 


Companies  are  supporting  clubs,  social  events  and 
face-to-face  meetings  to  keep  telecommuters  moti¬ 
vated  and  in  the  corporate  loop.  PAGE  23. 
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The  most  colorful 
networking  story  ever 

What’s  behind  Big  Blue,  Red  Hat  and  all  of  those 
purple  Extreme  Networks  switches? 

BY  BOB  BROWN 

quick  study  of  the  net¬ 
work  industry  could  be 
enough  to  give  you  the 
blues. 

To  start,  there’s  IBM,  other¬ 
wise  known  as  Big  Blue. 

Then  there’s  Windows’ 
dreaded  blue  screen  of 
death  and  Microsoft’s  annu¬ 
al  BlueHat  security  briefings. 

And  who  can  forget  the 
Code  Blue  virus  that  struck  in  2001?  The  industry’s  extended 
blue  period  has  delivered  wireless  security  company  Blue- 
socket,  plus  other  outfits  of  past  and  present,  such  as  BlueCat 
Networks,  Blue  Ridge,  Blue  Titan  and  BlueWave  Networks.  North 

See  Colors,  page  16 


Radical  changes  loom 
for  Cisco  I0S  software 


Company  planning  to 
decouple  router/switch 
software,  hardware. 

BY  PHIL  HOCHMUTH 

SAN  JOSE  —  Cisco  over  the  next  five 
years  plans  to  radically  change  how  it 
sells  and  delivers  router  and  switch  soft¬ 
ware,  in  part  by  making  that  software 
more  virtualized  and  modular. 

Cisco’s  intention  is  to  decouple  IOS  soft¬ 
ware  from  the  hardware  it  sells,  which 
could  let  users  add  enhancements  such 
as  security  or  VoIP  more  quickly,  without  having  to 
reinstall  IOS  images.The  vendor  also  plans  to  virtual¬ 
ize  many  of  its  network  services  and  applications, 
which  currently  are  tied  to  hardware-specific  mod¬ 
ules  or  appliances. 

This  shift  would  make  network  gear  operate  more 


like  a  virtualized  server,  running  multiple 
operating  systems  and  applications  on 
top  of  a  VMware-like  layer,  as  opposed  to 
a  router  with  a  closed  operating  system 
in  which  applications  are  run  on  hard- 
ware-based  blades  and  modules.  Ulti¬ 
mately,  these  changes  will  make  it  less  ex¬ 
pensive  to  deploy  and  manage  services 
that  run  on  top  of  IP  networks,  such  as 
security  VoIP  and  management  features, 
Cisco  says. 

High-level  details  of  the  road  map  were 
delivered  in  a  session  at  Cisco’s  C-Scape 
analyst  conference  last  week  in  San  Jose 
by  Cliff  Metzler,  senior  vice  president  of  the  compa¬ 
ny’s  Network  Management  Technology  Group. 

“The  way  we’ve  sold  software  in  the  past  is  we’ve 
bolted  it  onto  a  piece  of  hardware,  and  we  shipped 
[customers]  the  hardware,”  Metzler  said.  “We  need 

See  Cisco,  page  37 


Cisco's  Cliff  Metzler 
last  week  laid  out 
the  company's 
future  router/switch 
software  road  map. 


Nortel:  Why  Cisco  should  be  worried 


It’s  been  a  little  more 
than  a  year  since  Mike 
Zafirovski  left  Motorola 
to  take  the  reins  at 
Nortel.  In  that  time  he 
has  remade  top  man¬ 
agement,  raised  the  pro¬ 
file  of  Nortel's  enterprise  busi¬ 


ness,  focused  product 
development,  slashed 
costs,  instituted  quality 
and  ethics  principles, 
and  established  sales 
and  profitability  targets. 
Zafirovski  shared  his 
thoughts  with  Network  World 


Managing  Editor  Jim  Duffy  on 
how  things  have  gone  and 
what's  next. 


Cisco  says  it  is  more  focused  on 
emerging  technologies  and  market 
transitions  than  its  rivals  are.  Why 
should  Cisco  worry  about  Nortel? 

Cisco  is  a  great  company;  I 
have  lots  of  respect  for  them. 
Most  people  would  say  they  are 
a  very  powerful  sales  and  mar¬ 
keting  machine,  not  necessarily 
an  innovator.  [But  Nortel]  is  a 
very  passionate  company  that 
really  wants  to  make  a  differ¬ 
ence,  to  be  a  great  alternative.  A 
company  that  has  led  in  most 

See  Nortel,  page  12 


Mark  your  calendars: 
Shows  to  hit  in  2007 


BY  CARA  GARRETSON 

There’s  a  reason  Com¬ 
dex  went  away,  and  it 
wasn’t  overpriced  Las 
Vegas  hotel  rooms. 

Comdex,  once  the 
mother  of  all  IT-related 
events,  faded  away  after  its  last 
season  in  2003,  too  big  for  its  own 
good.  Maybe  showcasing  padded 
laptop  bags  next  to  enterprise 
switches  wasn’t  such  a  great  idea 
after  all. 

Today  the  trend  among  industry 
events  is  toward  focus;  confer¬ 
ences  such  as  the  gadget-happy 
Consumer  Electronics  Show 
(CES)  and  network-centric 


Interop  exemplify  that 
with  a  little  bit  of  tailor¬ 
ing  a  trade  show  can 
offer  real  value.  But, 
some  would  argue  that 
as  successful  shows  such  as 
these  grow  in  size  they  often  lose 
the  focus  that  made  them  worth¬ 
while  in  the  first  place. 

“The  historical  cycle  in  trade 
shows  in  the  technology  arena 
has  been  to  bulk  up  as  any  given 
segment  gets  bigger,”  says  Gary 
Bolles,  co-founder  of  Conferenza, 
a  blog  that  tracks  executive  con¬ 
ferences  in  technology  “As  an  in¬ 
dustry  matures  there  is  still  a  need 
See  Events,  page  11 
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Xeon 


inside " 


Dual-core. 
Do  more. 


.INFRASTRUCTURE  LOG 

_DAY  25:  They’re  in  the  cafeteria!!  AAAGGGHHH ! !  These 
useless  things  can’t  work  with  each  other.  They  aren’t 
scalable.  They  aren’t  responsive.  And  you  can’t  adjust 
new  capacity  on  the  fly.  The  horror. 

_So  many  of  them,  I  have  to  eat  standing  up.  My  arches 
are  killing  me.  And  I  got  avocado  on  my  shirt. 

_DAY  26:  The  answer:  IBM  BladeCenter®  with  Dual-Core 
Intel®  Xeon®  Processors  to  boost  performance  and  balance 
workloads.  Its  self-automating  features  make  it  easy 
to  manage,  and  it  has  more  blades  per  chassis  for  a 
smaller  footprint.  The  BladeCenter  even  opened  up  its 
specs,  so  the  things  we  buy  today  can  work  with  the 
things  we  buy  tomorrow. 

_I  can  eat  my  turkey-avocado  sandwiches  in  peace  again. 
Mmmmm . . . 


IBM.COM/TAKEBACKCONTROL/BLADE 


Nobody  can  manage  your  VoIP  Performance  in  a 
converged  environment  Like  Fluke  Networks. 


CaU  De\a\W 


Give  us  48  hours  to  do  a  free,  no  strings  attached, 
assessment  of  voice  and  data  performance  in  your 
converged  network  and  see  for  yourself. 

Ever  wonder  how  voice  and  data  traffic  are  coexisting 
in  your  infrastructure  and  how  one  may  be  affecting  the 
performance  of  the  other?  As  the  only  vendor  to  provide 
edge-to-core  visibility  of  VoIP,  data  applications  and 
the  general  network  infrastructure,  we'd  like  to  give  you 
insight  that  you've  never  seen  before  through  this  limited 
time  special  offer. 

Having  network,  application,  and  VoIP-specific 
analytics  allows  you  to  clearly  see  how  data  traffic  is 
affecting  call  quality,  and  how  VoIP  traffic  is  affecting 
data  quality,  a  significant  advantage  over  products  that 
look  only  at  voice.  This  is  critical  to  enterprise  perfor¬ 
mance  management  as  voice  and  data  converge,  since 
each  has  the  potential  to  impact  the  other  across  the 
LAN,  WAN,  and  multi-tier  network  environments. 


Get  insight  into  your  network  in  48  hours. 
Register  at  www.flukenetworks.com/48hrs. 
Hurry,  this  offer  ends  March  30,  2007. 


networks 


*2006  Fluke  Corporation.  Alt  rights  reserved.  02104 
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11  Network  World's  homegrown 
shows. 

18  SPECIAL  FOCUS:  IP-based 
digital  video  surveillance  grows  up. 

24  Opinion:  On  Technology: 

Mobilizing  the  desk  phone. 

25  Opinion:  Ben  Rothke:  Good 
security  can  aid  compliance. 

25  Opinion:  Winn  Schwartau:  The 

U.S.  Department  of  FUDP 

37  Kevin  Tolly:  Redmond  vs.  Red 
Hat:  Divide  and  conquer. 

38  Opinion:  'Net  Buzz:  Is  that  the 
U.S.  Postal  Service  delivering . . . 
spam? 

Enterprise  Computing 

38  Opinion:  BackSpin:  50  unfestive 
things. 

Application  Services 

9  'Tis  the  season  for  the  Postal 
Service  network  to  deliver. 


16  IBM  releases  free  search  software. 

Service  Providers 

12  Scott  Bradner:  A  time  of 
reckoning  on  my  predictions. 

Tech  Update 


Net.Worker 

23  Striving  to  keep  teleworkers 
happy. 


COOLTOOLS 


The  Quick  Pod  will  take  some 
practice  to  take  pictures  of  your¬ 
self  by  yourself.  Page  20. 


Management 
and  Careers 

33  Before  you  sign 
on  the  dotted  line: 

What  you  should 
know  about  the  doc¬ 
uments  a  new 
employer  may 
require  you  to  sign. 


19  DRM  vs.  ERM:  battle  to  control 
data. 

19  Ask  Dr.  Internet. 

20  Mark  Bibbs:  The  perils  of 
precaching. 

20  Keith  Shaw:  Cool  tools,  gizmos 
and  other  neat  stuff. 


7  Networkworld.com:  Catch  up 
on  the  latest  online  forums, 
blogs,  newsletters,  videos  and 
help  desk  queries, 


Microsoft  updates  Vista  in  piracy  crackdown 

■  Microsoft  last  week  released  an  update  to  Windows  Vista 
that  will  shut  down  unauthorized  versions  of  the  operating  sys¬ 
tem  that  let  users  skip  the  products  activation  system.The 
move  comes  as  pirated  copies  of  Vista  are  making  the  rounds, 
mere  weeks  after  the  product  was  released  to  business  cus- 
tomers.The  update,  which  Microsoft  has  dubbed  “franken- 
build,”  detects  tampering  of  Windows  Vista  code  that  would  let 
users  of  the  operating  system  work  around  the  products  built- 
in  activation  system,  which  requires  users  to  validate  their  copy 
of  Vista  with  a  product  activation  key  to  use  the  full  version  of 
the  product  after  30  days.  Frankenbuild  mixes  files  from  vari¬ 
ous  test  and  final  versions  of  the  software.  It  will  require  only 
systems  in  which  it  detects  specific  tampering  to  go  through  a 
validation  check  for  authenticity  according  to  a  posting  on  the 
Windows  Genuine  Advantage  blog. 


HP,  Microsoft  deal 
challenges  IBM 
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We  put  nine  backup-and-restore 
products  to  the  test  and  discovered 
that  the  entire  class  of  products  has 
gained  sophistication.  However,  Symantec's  Backup  Exec  stands  out  as  the  best  of  the 
bunch.  Page  26. 
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■  HP  is  strengthening  ties  to  Microsoft 
to  provide  a  broadened  portfolio  of 
business  software  products  to  the 
enterprise  market  while  deliver¬ 
ing  a  competitive  blow  to  rival 
IBM.  HP  and  Microsoft  last  week 
announced  a  joint  $300  million 
three-year  investment  to  sell  five 
types  of  enterprise  technology: 
Messaging  and  unified  communi¬ 
cations,  including  e-mail,  instant 
messaging  and  video  conferenc¬ 
ing:  collaboration  and  content 
management,  software  that  lets 
geographically  dispersed  employ¬ 
ees  collaborate  on  text,  database, 
video  and  other  files;  business 
intelligence,  the  analysis  of  data  to  help 


drive  business  decisions;  business 
process  integration,  which  refers  to  the 
processes  enterprises  use  to  run  their 
businesses;  and  core  infrastructure,  the 
management  of  an  enterprises  com¬ 
puter  systems.  The  collaboration  will 
generate  30  new  products  and  services 
in  the  next  year  to  20,000  shared  cus¬ 
tomers  of  the  two  companies. 

Al  Shugart,  disk-drive 
pioneer,  dies 

■  Al  Shugart,  founder  of  Seagate  Tech¬ 
nology  and  a  pioneer  in  the  disk-drive 
industry,  died  last  week.  He  had  had 
open-heart  surgery  six  weeks  ago  at 
age  76.  Shugart,  a  colorful  person  (and 
not  only  for  his  wildly  patterned 
Hawaiian  shirts),  will  be  remembered 
See  News  Briefs,  page  6 


Clear  Choice  Test: 

Identity  Engines  Ignition  3.2  is  an  appliance  that 
is  adept  at  central  policy  management.  Page  32. 
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continued  from  page  5 

as  the  founder  of  one  of  the  largest  disk-drive  com¬ 
panies  and  for  running  his  dog  Ernest  as  a  candidate 
for  Congress.  He  wrote  about  the  Bernese  Mountain 
Dog’s  campaign  in  Ernest  Goes  to  Washington  (Well, 
Not  Exactly).  Described  as  sometimes  being  gruff, 
Shugart  was  known  at  Seagate,  which  he  founded  in 
1979,  for  grooming  young  executives.  After  a  1998  dis¬ 
pute  with  the  board,  Shugart  was  ousted.  Reported 
nearly  broke,  Shugart  moved  to  Santa  Cruz,  Calif., 
opened  a  bar,  surfed,  bought  a  fishing  boat  and 
founded  a  venture-capital  firm,  A1  Shugart  Inter¬ 
national,  which  funds  entrepreneurs  and  small  com¬ 
panies.  After  leaving  Memorex  in  1972, Shugart  found¬ 
ed  Shugart  Associates,  a  developer  of  floppy  disks 
used  in  PCs,  and  Shugart  Technology  Shugart  is  also 
known  for  developing  the  SCSI  interface  in  1986. 

Site  to  check  Internet  traffic  pulse 

■  A  University  of  Minnesota  researcher  says  he 
expects  to  unveil  a  Web  site  in  the  next  few  weeks 
designed  to  track  Internet  traffic  around  the  world. 
The  Minnesota  Internet  Traffic  Studies  site  will  inte¬ 
grate  with  more  than  100  sites  around  the  world  — 
some  academic  and  others  commercial  —  that  track 
network  traffic,  said  Andrew  Odlyzko,  director  of  the 
Digital  Technology  Center  at  the  University  of 
Minnesota  and  a  speaker  at  last  Tuesday’s  Internet 
Bandwidth  Supply  &  Demand  conference  at  Boston 
University,  which  was  organized  by  Information 
Gatekeepers.  In  addition,  carriers  will  share  some  of 
their  network  traffic  numbers  under  nondisclosure 
agreements,  so  that  traffic  loads  and  patterns  can  be 
analyzed  and  shared,  but  without  revealing  individ¬ 
ual  carrier  numbers,  he  said.  Odlyzko  is  a  mathemati¬ 
cian  who  spent  26  years  at  Bell  Telephone 
Laboratories  and  its  successors.  He  said  he  hopes  the 
forthcoming  site  will  help  to  address  such  hard-to- 
predict  things  as  where  network  demand  will  come 
from  and  how  fast  traffic  is  likely  to  grow. 

Qwest  adds  antivirus  service 

■  Qwest  last  week  rolled  out  antivirus  and  antispam 
enhancements  for  its  business-VPN  and  security  ser¬ 
vices  customers.  The  carrier’s  AVAS  gateway  service 
guards  companies  against  receiving  unsolicited  e- 
mail,  viruses,  worms  and  unwanted  content  at  their 
external  network  perimeter.  The  managed  service 
offers  an  online  portal  that  lets  users  control  thresh¬ 
olds,  reporting,  filtering  and  account  preferences. 
Customers  initiate  the  service  by  configuring  their 
mail  exchange  record  to  point  to  a  Qwest-specified 
network  mail-exchange  record.  All  e-mail  is  then  fil¬ 
tered  through  AVAS  before  reaching  the  user.  AVAS  is 
available  nationwide.  Qwest  joins  other  carriers  in  the 
e-mail  security  market.  In  August,  XO  Communi¬ 
cations  announced  the  availability  of  an  e-mail  secu¬ 
rity  and  disaster-recovery  service  that  assists  busi¬ 
nesses  in  combating  Internet  junk  e-mail,  denial-of- 
service  attacks  and  viruses. 


Verizon  Business  plans  to  offer 
telepresence 

■  Verizon  Business  said  last  week  it  will  offer 
Polycom’s  telepresence  video  system  to  its  large 
business  customers. The  nonexclusive  arrangement 
comes  almost  two  months  after  Verizon  Business 
said  it  would  test  and  conduct  customer  trials  of 
Cisco’s  competing  Telepresence  1000  and  3000 
video  systems.  Cisco  unveiled  its  sys¬ 
tems  in  October. “Verizon  Business  has 
meaningful  business  relationships  with 
both  Cisco  and  Polycom,”  a  Verizon 
Business  spokesman  says.  “When  it 
comes  to  providing  our  customers  with 
the  best  products  and  services,  we  are 
vendor  neutral.”  Telepresence  creates 
lifelike  virtual  meetings  for  participants 
using  large  screens  and  high-definition 
video  to  make  them  feel  as  though  they  are  all  in 
the  same  room  with  one  another.  In  Cisco’s  case,  the 
systems  require  15Mbps  of  bandwidth.  The  new 


TheGoodTheBadTheUgly 

From  Windows  to  robots.  Microsoft  Corp.  last 
week  released  the  commercial  version  of  its  software  for  robots, 
hoping  to  shape  the  market  much  as  it  did  for  PC  software  a  few 
decades  ago.  its  Robotics  Studio  includes  programming  tools  intend¬ 
ed  to  make  it  easier  to  write  robot  applications,  and  a  run-time  envi¬ 
ronment  that  allows  them  to  be  used  and  reused  on  different  types 
of  hardware.  (IDG  News  Service) 

<  Ready  to  slack  off?  Work  productivity 
notoriously  dips  during  the  winter  holiday  season  but  a  sur¬ 
vey  released  last  week  suggests  that  employee  productivi¬ 
ty  takes  a  nosedive  for  an  entire  month  surrounding 
Christmas,  Whether  it's  because  of  laziness,  vaca¬ 
tion  time  or  other  factors,  productivity  begins  drop¬ 
ping  during  the  two-week  period  before  Christmas, 
according  to  a  survey  of  computer  use  by  Arlington, 
Mass.,  Glance  Networks,  a  maker  of  Web  demos  soft¬ 
ware. 

Beware  the  ‘Rock  Phish’.  The  first  thing  you  need 
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If  there  is  a  killer  application,  it 
is  video.  Just  watch  what  has 
occurred  with  YouTube,"  where 
more  than  40  million  videos,  at 
over  200TB,  are  streamed  per 
day.  “I  would  consider  that 
baby-steps  in  terms  of  [poten¬ 
tial  future]  loads  on  networks.” 


to  know  about  Rock  Phish  is  that  nobody  knows  exactly  who,  or  what, 
it  is.  But  security  experts  suspect  that  Rock  Phish  is  a  person,  or 
perhaps  a  group  of  people,  who  are  behind  as  much  as  one-half  of 
the  phishing  attacks  being  carried  out  these  days.  “They  are  sort  of 
the  Keyser  Soze  of  phishing,"  said  Zulfikar  Ramzan,  senior  principal 
researcher  with  Symantec's  Security  Response  group,  referring  to 
the  secretive  criminal  kingpin  in  the  1995  film  “The  Usual  Suspects." 
'They're  doing  some  pretty  scary  things  out  there."  (IDG  News 
Service) 


in  January.  They  now  say  they  expect  to  close  the 
deal  and  begin  operations  in  the  first  quarter  of 
2007,  meaning  possibly  as  late  as  March. 


Worker  faces  U.S.  charges  in  theft 
of  trade  secrets 


Cisco  CEO  John  Chambers 

See  story  at  www.nwdocfinder.com/6558 

offering,  the  Polycom  RealPresence  Experience 
modular  conference  suite,  is  sold  in  combination 
with  Verizon  Business’  Private  IP  VPN  and  Ethernet 
services.  RPX  systems  are  sold  as  custom  rooms 
with  flat-screen  projection  displays,  ceiling  micro¬ 
phones  and  pop-up  LCD  screens  for  sharing  data. 

Bribery  probe  delays  deal 

■  The  planned  merger  of  network  infrastructure 
units  at  Nokia  and  Siemens  AG  won’t  close  by  the 
end  of  this  year  as  expected  because  the  compa¬ 
nies  will  execute  a  compliance  review  of  Siemens, 
spurred  by  the  corruption  investigation  currently 
shaking  the  German  technology  company. 
Authorities  across  Europe  have  been  investigating 
bribery  charges  at  Siemens.  Earlier  this  week,  the 
former  head  of  Siemens’  telecommunications 
equipment  group  —  the  one  to  be  merged  with 
Nokia’s  networks  unit  —  was  arrested  as  part  of  the 
investigation.  The  companies  announced  plans  in 
June  to  merge  the  groups,  creating  a  company 
called  Nokia  Siemens  Networks  that  would  have 
had  combined  revenue  of  $20.9  billion.  They  said 
at  the  time  that  the  deal  would  close  by  year-end 
and  that  the  new  company  would  begin  operations 


■  A  former  Chinese  national  is  facing  U.S.  federal 
charges  of  stealing  trade  secrets  from  a  Silicon  Valley 
company  and  selling  them  to  foreign  governments. 
The  U.S.  Attorney’s  Office  in  San  Francisco  last  week 
filed  a  36-count  indictment  in  U.S.  District  Court  for 
Northern  California  against  Xiaodong  Sheldon  Meng 
accusing  him  of  stealing  military  application  trade 
secrets  from  Quantum3D,  of  San  Jose,  and  using  them 
to  try  to  sell  the  technology  to  the  People’s  Republic 
of  China,  the  Malaysian  Air  Force  and  the  Thailand  Air 
Force.  Quantum3D  designs  high-end  graphics  com¬ 
puters  that  run  visual  simulation  training  software  for 
military  applications  such  as  flight  simulators.  Meng,  a 
onetime  employee  of  Quantum3D,  stole  the  trade 
secrets  with  the  intent  that  they  would  be  used  to  ben¬ 
efit  those  foreign  governments,  according  to  the  U.S. 
Attorney  Kevin  Ryan. 

COMPENDIUM 

Kinder  Web  huackers 

Seth  Finkelstein  says  spammers  are  now 
breaking  into  vulnerable  Web  sites  and  qui¬ 
etly  inserting  links  to  their  sites  in  obscure 
spots  —  but  still  good  enough  to  help 
increase  their  sites'  Google  rankings.  Read 
more  at  www.nwdocfinder.com/6553. 


PEERSAY 

From  our  online  forums 


■  NAS  question.  A  user  with 
a  network  that  has  to  bridge 
two  types  of  connectivity  asks: 
"Is  there  any  product  that  is  an 
external  USB  hard  drive  (NAS) 
which  has  the  dual  capability  to 
simultaneously  have  connec¬ 
tions  from  LAN  (RJ45  network 
cable)  and  USB?" 
www.nwdocfinder.com/6545 
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FOLLOW  THESE  LINKS  TO  MORE  RESOURCES  ONLINE 


BLOGOSPHERE 


Microsoft’s  butt  hinge 

Plus:  lOOTbps  routers  and  the  Blackjack  lawsuit 


BEST  OF  NW  S 

Planning 
ahead  for 
802.1  In 

Plus:  Spoofing 
on  steroids 


■  What  to  call  100GB 
Ethernet?  Let  the  naming 
wars  begin!  Thomas  writes: 
"Creating  a  new  standard  also 
involves  the  creation  of  new 
abbreviations  as  well  as  expec¬ 
tations  on  feasibility  and  the 
availability  time  line." 
www.nwdocfinder.com/6546 

■  Lesson  that  bears  repeat¬ 
ing.  One  user  says  the  C-level 
execs  who  buy  large  network 
infrastructures  need  to  look  at 
recurring  costs:  "Don’t  get 
caught  up  in  initial  capital 
costs,  as  they  will  only  be  one 
small  part  of  the  equation.” 
www.nwdocfinder.com/6547 

■  When  the  big  swallow  the 
small.  One  user  doesn't  think 
much  of  big  vendors  buying  up 
small  vendors  with  innovative 
technologies:  "What  is  the  rea¬ 
son  behind  these  behemoths 
getting  credit  for  purchasing 
technology  that  everyone 
knows  will  never  be  integrated 
properly  into  their  existing 
products?" 

www.nwdocfinder.com/6548 

■  Microsoft  robots.  Can 

Microsoft  make  robots  that 
don't  need  to  reboot  every  day? 

www.nwdocfinder.com/6559 

■  Get  a  free  community 
account.  You’ll  be  able  to  get 
e-mail  notification  of  discus¬ 
sions  and  replies  you’re  partic¬ 
ularly  interested  in.  And  your 
posts  will  go  up  right  away, 
instead  of  waiting  for  an  editor 
to  approve  them. 
www.nwdocfinder.com/6560 

■  NetWare  lives.  One  user 
reports  his  shop  is  getting 
ready  to  ditch  Active  Directory 
for  NDS  running  on  NetWare 
servers.  And  next  year,  the 
company  is  upgrading  all  its 
desktops  to  Windows  XP. 
www.nwdocfinder.com/6571 


Microsoft’s  butt  hinge.  News  Editor  Paul 
McNamara  asks,  “Why  does  the  maker  of  Win¬ 
dows  hold  a  patent  on  a  door  hinge?”With  the 
Google  Patent  Search  tool,  he  found  that  Mic¬ 
rosoft  holds  a  patent  for  a  “butt  hinge  with  inte¬ 
grally  formed  butt  straps” —  and  it’s  a  real  door 
hinge,  not  some  new  software  lingo.  Has  Micro¬ 
soft’s  diversification  effort  gone  too  far?  www. 
nwdocfinder.com/6561 

Ludicrous  speed!  Among  the  10  supercon¬ 
ductivity  breakthroughs  expected  in  2007  is 
technology  to  process  optical  signals  in  inter¬ 
connecting  circuits,  which  could  lead  to 
lOOTbps  routers.  Research  blog  Alpha  Doggs  re¬ 
ports  that  the  list  of  breakthroughs,  compiled  by 
a  developer  of  superconducting  microelectron¬ 
ics  technology  includes  a  10  teraflops  worksta¬ 
tion.  www.nwdocfinder.com/6562 

Kinder,  gentler  pagejackers.  Out:  Defacing 


Web  sites  for  political  statements  or  graffiti.  In: 
Breaking  into  well-respected  Web  sites  to  quietly 
add  links  to  some  phishing  or  other  site  and 
boost  its  Google  PageRank.  Compendium’s  Adam 
Gaffin  reports,  www.nwdocfinder.com/6563 

Black*.  If  you’ve  seen  the  commercial  for  Sam¬ 
sung’s  Blackjack  smart  phone  and  thought, 
“Amazing  they  got  away  using  ‘Black’  in  the 
name,”  you’re  not  alone.  Layer  8  wondered  that 
as  well,  and  now  Research  in  Motion  is  suing 
Samsung  for  trademark  infringement  against  its 
BlackBerry  Coincidentally,  the  devices  look  pretty 
similar,  too.  www.nwdocfinder.com/6564 

Last  chance.  Keith  Shaw  notes  in  the  Cool 
Tools  blog  that  Skype  will  soon  be  charging  for 
calls  to  non-Skype  landlines  or  cell  phones.  An 
unlimited  calling  plan  will  be  available  for  $30  a 
year,  or  users  could  pay  2.1  cents  a  minute. 
www.nwdocfinder.com/6565 


Hot  Seat  interviews,  the  coolest  tools  and  more 


Hot  Seat: 

Good  will 
hacking. 

Fiberlink's 

Dan 


Hoffman  uses  his  hacking 
skills  to  show  customers 
how  vulnerable  they  may  be. 

www.nwdocfinder.com/6554 


Coo!  Tools: 

Travelin’ 
tech. 

West 
Coast 
"correspondent”  Joel 
Snyder  tells  Keith  Shaw 
about  his  experiences  with 
wireless  travel  routers,  and 
explains  why  the  SMC  ver¬ 
sion  is  his  favorite. 
www.nwdocfinder.com/6555 


Twisted  Pair 
Podcast: 

When 
Regis 
blogs,  you 
know  it’s  over. . .  Jason 
Meserve  and  Keith  Shaw 
talk  about  the  latest  cyber¬ 
terrorist  threats  and 
whether  blogging  is  official¬ 
ly  over  the  hump. 
www.nwdocfinder.com/6556 


ASK  THE 

HELPDESK  Find  the  answers  to  these  prickly  problems  online. 

This  week:  Newbie  gets  acquainted  with  broadband. 


Ron  Nutter  helps  a  network  newbie  get  her 
house  ready  for  broadband 

Help  desk  response: 
www.nwdocfinder.com/6549 

Ratinder  Paul  Singh  Ahuja  looks  at  regulation 
protecting  personal  information. 

Help  desk  response: 
www.nwdocfinder.com/6550 


M.E.  Kabay  tackles  a  cost-benefit  analysis  of 
network  security. 

Help  desk  response: 
www.nwdocfinder.com/6551 

Mike  Karp  examines  data  compression. 

Help  desk  response: 
www.nwdocfinder.com/6552 


Wireless  in  the  enterprise: 

Approved  standards  for  802. 1 1  n 
aren’t  expected  for  another  18 
months  but  it’s  not  too  early  to 
start  thinking  how  it  will  affect 
your  wireless  strategy  Newsletter 
author  Joanie  Wexler  looks  at 
where  you  need  to  prepare. 
www.nwdocfinder.com/6539 

IT  careers  and  training: 

Experts  say  the  perfect  way  to 
answer  job  interview  questions 
is  by  telling  the  interviewer  how 
you  solved  problems  at  work 
and  achieved  results  for  your 
employer  —  even  if  some  pro¬ 
ject  didn’t  go  as  planned.  Senior 
Online  News  Editor  Linda 
Leung  explains. 

www.nwdocfinder.com/6540 

Unified  communications: 

You’ve  heard  of  spoofed  e-mails 
—  false  e-mails  that  are  suppos¬ 
edly  from  genuine  sources.  How 
soon  will  it  be  before  hackers 
begin  leaving  messages  on  your 
voice  mail  supposedly  from 
your  bank  asking  for  personal 
information?  Analyst  Michael 
Osterman  reports. 
www.nwdocfinder.com/6541 

Servers:  Cedars-Sinai  Medical 
Center  is  using  Sun’s  Grid  Rack 
system  to  process  and  analyze 
data  that  could  lead  to  new 
treatments  for  life-threatening 
and  chronic  diseases.  Senior 
Editor  Deni  Connor  reports. 
www.nwdocfinder.com/6542 

New  data  center  strategies: 

As  data  center  networks  get 
faster,  could  the  next  step  be 
splitting  RAM  from  the  blade 
servers?  Analyst  Andreas  M. 
Antonopoulos  take  a  look. 
www.nwdocfinder.com/6543 


Free  e-mail  newsletters 

Sign  up  for  any  of  more  than  40 
newsletters  on  key  network  topics. 

www.nwdocfinder.com/ 1 002 
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No  time  to  spare? 


No  time  to  compare? 


Introducing  Network  World's 
Living  IT  Buyer's  Guides  on 
networkworld.com 

•  Enterprise-grade  IT  products  and 
services 

•  Thousands  of  details,  hundreds 
of  products,  continually  updated 

•  In-depth  searchable  database 

•  Fast  side-by-side  product  comparisons 

•  Clear  Choice  Test  Results 


www.networkworld.com/buyersguides 
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ADVERTISING  FEATURE 


Lessons  from  Leading  Users 


Tis  the  season  for  the  Postal 
Service  network  to  deliver 


Five  penny-pinching  tips 

Robert  Otto,  CTO  of  the  U.S.  Postal  Service,  has  the  reputation 
of  being  a  penny  pincher  when  it  comes  to  negotiating 
contracts  with  vendors.  Otto  offers  the  following  tips  for 
driving  down  costs  on  network  contracts: 

•  Wait  until  right  before  a  vendor's  fiscal  quarter  or  year-end  to  sign  deals  to  get 
your  best  deal.  “Every  week  you  make  them  sweat  by  not  signing  up,  the  deal  gets 
better,"  Otto  says. 

•  Demand  discounts.  Otto  won’t  sign  a  contract  without  a  30%  to  40%  discount. 
Some  of  his  discounts  are  as  high  as  95%. 

•  Be  willing  to  walk  away.  "I've  had  to  walk  away  from  two  contracts  over  the  last 
seven  years,"  he  says.  “You  better  be  prepared,  because  it  will  cost  you  more  to 
set  up  an  alternative  solution.  But  in  both  cases,  after  six  months,  the  companies 
came  back  and  wanted  to  renegotiate." 

•  Sign  a  long-term  deal  to  get  bigger  discounts.  "If  you  are  willing  to  sign  a  five-  or 
seven-year  deal  instead  of  a  three-year  deal,  you'll  be  surprised  at  the  discounts," 
Otto  says.  He  includes  a  clause  so  he  can  terminate  contracts  at  his  convenience. 

•  Benchmark  your  prices.  USPS  demands  the  best  pricing  in  the  industry  and 
benchmarks  those  prices  with  Gartner.  Otto  is  looking  forward  to  the  award  of  the 
10-year,  $20  billion  federal  Networx  telecom  program  expected  in  March  2007  so 
he  can  benchmark  his  rates  against  Networx  rates. 


BY  CAROLYN  DUFFY  MARSAN 

he  U.S.  Postal  Service  expects  to 
ship  20  billion  packages  and  let¬ 
ters  this  holiday  season.  Behind 
that  massive  workload  is  an  equally 
massive  VPN  that  is  at  the  forefront  of 
telecom  industry  trends,  including 
dual  sourcing  and  long-term  con¬ 
tracting. 

USPS  has  one  of  the  largest  networks 
in  the  world,  connecting  38,000  loca¬ 
tions  nationwide  and  supporting 
335,000  users.  It  spends  around  $180 
million  per  year  on  its  network  infra¬ 
structure. 

USPS  overhauled  its  data  and  voice 
networks  in  2006.  The  independent 
federal  agency  renegotiated  and 
expanded  its  primary  data  network 
contract,  while  using  a  secondary  con¬ 
tract  to  upgrade  3,000  sites.  The  out¬ 
sourced  network  is  being  upgraded  to 
support  T-l  and  above  connections  at 
all  of  its  sites. 

“In  the  last  year,  we  upgraded  almost 
everything, got  additional  services  and 
saved  $22  million,”  says  Robert  Otto, 

CTO  of  USPS.  “For  the  next  three  years,  we  have 
achieved  $73  million  in  cost  avoidance  because  of  the 
contracts  [awarded  this  year].  I’m  not  only  increasing 
my  capabilities,  but  I’m  avoiding  additional  costs.” 

For  USPS,  the  network  is  critical  for  processing,  deliv¬ 
ering  and  managing  mail  movement.  So  much  of  the 
organization’s  operations  are  automated  that  if  a  post 
office  were  to  lose  its  network  connectivity,  it  would 
have  to  switch  over  to  an  old-fashioned  manual 
process  for  handling  mail  and  retail  transactions. 

“The  network  is  either  your  strength  or  your  weak¬ 
ness,”  Otto  says.  “It’s  really  key  in  our  organization 
because  we  want  to  move  to  self-service  to  allow 
employees  and  customers  to  do  almost  everything  for 
themselves.  If  you  don’t  have  a  robust  network,  you 
have  a  problem.” 

Outsourcing  and  dual  sourcing 

USPS  was  an  early  advocate  of  network  outsourcing, 
awarding  a  contract  to  MCI  to  handle  its  WAN  infra¬ 
structure  in  1997.  The  contract,  dubbed  MNS,  for 
Managed  Network  Services,  worked  well  until  MCI  par¬ 
ent  company  WorldCom  hit  the  financial  skids  in  2002. 

That’s  when  Otto  decided  it  was  too  risky  for  USPS  to 
stick  with  MCI  —  now  Verizon  Business  —  as  its  only 
network  service  provider. 

“1  wanted  to  move  to  a  two-provider  network  where 
in  essence  I  had  two  big  players  owning  portions  of 
my  network,  and  then  I  could  leverage  them  against 
each  otherf  Otto  says. 

USPS  initially  tried  to  hire  a  systems  integrator  to 


manage  its  data,  voice,  video  and  wireless  networks, 
but  that  approach  failed.  In  October  2004,  USPS  award¬ 
ed  Lockheed  Martin  an  18-year,  $3  billion  contract  that 
was  supposed  to  replace  the  old  MCI  arrangement.  It 
canceled  the  Lockheed  Martin  deal  in  July  2006. 

“There  was  an  attempt  by  the  systems  integrators  to 
move  into  the  core  network  services,  but  they  were  not 
quite  as  agile  as  we  can  be  in  terms  of  reacting  to 
change  and  technology  insertion,” says  Jerry  Edgerton, 
group  president  for  Verizon  Federal.  “Now  USPS  has 
gotten  an  arrangement  where  they  are  dual  sourced 
. . .  .We  happen  to  think  that’s  the  wave  of  the  future.” 

In  October,  USPS  renewed  its  original  MNS  contract 
with  Verizon  Business  for  four  more  years.  USPS  also 
expanded  the  contract  to  let  Verizon  Business  manage 
its  LAN  switches  and  wireless  access  points. 

“Verizon  Business  went  back  and  renegotiated  their 
pricing,”  Otto  says.  “We  probably  got  a  10%  to  12% 
reduction  with  our  costs.” 

Winning  the  MNS  contract  extension  validates  that 
Verizon  Business  had  put  its  WorldCom  woes  behind 
it,  Edgerton  says. 

Meanwhile, AT&T  has  migrated  3,000  USPS  sites  to  its 
network  under  a  separate  deal.  AT&T  also  provides 
USPS  with  interactive  voice  response  systems  and  a 
Web  portal  for  IT  help  desk  services. 

“AT&T  runs  the  full  gamut  with  Postal,  providing 
everything  from  VoIP  services  to  supporting  all  of  their 
call  centers,”  says  James  Hollar,  AT&Ts  client  business 
manager  for  the  U.S.  Postal  Service.  “We’re  in  the  pro- 

See  USPS,  page  14 
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Vendor  Solutions  for  Your  IT  Challenges 


COMPANY:  Netcordia 

OVERVIEW:  Founded  in  2000,  Netcordia  develops 
NetMRI,  an  automated  Best  Practices  based  network 
management  appliance.  NetMRI  is  the  most  comprehen¬ 
sive,  fully  integrated  network  diagnostic  tool  for  enter¬ 
prise  and  government  networks. This  plug  and  play  unit 
allows  a  network  engineer  to  easily  and  quickly  identify 
issues  with  respect  to  VoIP,  configuration  compliance, 
VLAN,  and  IP  within  the  network. 

CHALLENGE:  As  technology  is  becoming  an  integral 
part  of  everyday  business,  enterprises  are  placing  more 
rigorous  demands  on  their  networks,  expecting  high 
reliability,  rapid  response  time,  consistency  and  compli¬ 
ance.  These  demands  have  network  engineers  searching 
for  a  way  to  proactively  and  cost-effectively  manage  the 
network  infrastructure  without  utilizing  too  much  staff 
time  and  energy. 

SOLUTION:  Netcordia  provides  the  solution  with 
NetMRI,  an  award-winning  network  analysis  appliance 
that  goes  beyond  reporting  to  provide  analysis  based 
upon  expert  rules  and  best  practices.  With  NetMRI,  net¬ 
work  managers  can  optimize  their  networks,  pinpointing 
and  solving  present  and  potential  hot  spots.  What  may 
have  previously  taken  numerous  IT  professionals  hun¬ 
dreds  of  hours  to  uncover,  a  single  NetMRI  unit  now  easily 
finds  in  minutes. 

Monitoring  and  network  management  tools  typically 
capture  statistics  from  interfaces,  links  and  protocols, 
draw  maps  and  graphs  and  send  real  time  alerts  about 
fault  conditions.  NetMRI  correlates  the  statistics  and 
applies  rules  of  logic  for  troubleshooting  in  a  useful 
browser-based  view  or  report.  NetMRI  takes  the  next  step 
with  its  configuration  capabilities  that  allow  customers  to 
automatically  fix  problems,  and  create  their  own  custom 
best  practices.  NetMRI  establishes  accuracy,  integrity  and 
reliability  in  significantly  less  time  than  legacy  offerings. 

•  DiagnosticBase™  best  practices  built  in 

•  Automatically  discovers  entire  infrastructure, 
analyzes  it,  and  makes  suggestions 

•  Easy  to  understand,  self  running 

•  Low  total  cost  of  ownership 

Netcordia" 

NetMRI" 

410-266-6161 

www.netcordia.com 


comes  together, 

Blue  Rhino  sizzles. 


EMC 

where  information  lives* 
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Information  lives  at  Blue  Rhino,  a  midsize  company  that  had  a  king-size  problem.  As  the  #1  brand  in  propai 
every  year.  But  their  IT  budget  wasn’t.  They  chose  an  EMC®  solution  that  gave  them  less  downtime,  faster  backups 
hardware  and  software,  delivered  a  high  degree  of  flexibility  at  an  affordable  price,  and  allowed  them  to  keep  their  focus  on 
profile  at  www.EMC.com/BlueRhino.  To  see  what  EMC  can  do  for  you,  talk  to  your  EMC  Velocity2  Partner  or  call  866-796-6369. 
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Network  World’s  homegrown  shows 

From  DEMO’s  gadgets  to  The  Security  Standard’s  focus  on  network  protection 


Events 

continued  from  page  1 

for  the  larger  get-togethers  to  aggregate 
people,  but  [then]  it  tends  to  segment.” 

Enter  the  boutique  event.  These  smaller 
shows  with  a  tight  focus  on  one  aspect  of 
technology  —  think  VON,  CT1A  Wireless, 
RSA  Conference  —  promise  greater  value 
and  fewer  sore  feet  than  sprawling  trade 
shows  that  try  to  be  everything  to  everyone. 

It’s  the  popularity  of  the  Internet  —  where 
information  on  just  about  anything  can  be 
sliced  and  diced  within  seconds  —  that  has 
brought  about  the  focused  trade  show  of 
today  says  Rick  Geritz,  CEO  of  BD  Metrics, 
makers  of  attendee-relationship  manage¬ 
ment  technology 

However,  the  larger  shows  still  offer 
value,  especially  for  attendees  looking  to 
investigate  three  or  four  technologies  at 
an  event. 

Today  there  are  ways  to  avoid  wander¬ 
ing  aimlessly  through  conference  halls; 
many  shows  including  Interop  offer  con¬ 
ferences  within  a  conference  that  stack 
up  sessions  dedicated  to  a  topic  such  as 
network  security  or  mobility.  And  com¬ 
panies  such  as  BD  Metrics  have  devel¬ 
oped  technology  that  attempts  to  make 
a  boutique  show  out  of  a  sprawling  expo 
by  highlighting  only  what  the  attendee 
wants  to  learn  about  —  based  on  title, 
keywords,  vendors  they  want  to  contact 
and  so  on  —  in  the  context  of  a  full-con¬ 
tent  event,  Geritz  says. 

We’ve  scanned  the  IT  trade  show  calen¬ 
dar  for  2007  to  come  up  with  a  list  of  events 
that  will  likely  offer  the  most  bang  for  your 
buck.  Incorporating  the  experiences  of  the 
Network  World  staff,  which  collectively  have 
attended  dozens  of  events  in  2006,  follow¬ 
ing  is  a  list  of  what  will  be  worth  your  time: 

Consumer  Electronics  Show  (CES),  Las 
Vegas,  Jan.  8-11 

CES  is  the  new  Comdex,  with  attendee 
estimates  as  high  as  140,000  for  the  2007 
event.  But  despite  its  size,  many  show  vet¬ 
erans  say  if  you  want  to  take  the  pulse  of 
the  industry,  CES  is  where  to  do  it.  With  1.7 
million  square  feet  of  expo  space  the 
event  is  giant  —  no  doubt  you’ll  leave  feel¬ 
ing  you’ve  missed  something  —  but  offers 
a  great  view  of  the  intersection  of  the  PC 
and  entertainment  industries;  keynote 
speakers  for  next  year’s  event  include  Bill 
Gates  and  Michael  Dell  as  well  as  the  pres- 
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Save  yourself  a  few  trips 

Sign  up  for  Network  Worlds  Trade  Show  News  Alert, 
a  monthly  collection  of  headlines  from  events  covered 
by  Network  World 

www.nwdocfinder.com/6557 


Not  to  toot  our  own  horn  too  loudly, 
but  Network  World  has  its  own 
portfolio  of  events  that  cover  a  wide 
range  of  technologies  and  professional 
interests.  A  complete  list  of  our  events  is 
at  www.nwdocfinder.com/6525;  below  are 
some  of  the  highlights  for  next  year: 

DEMO  '07,  Palm  Desert,  Calif.,  Jan.  30 
—  Feb.  1  (www.nowdocfinder.com/6538) 
DEMO  is  unique.  Targeted  primarily  at 
investors,  big  vendors  with  acquisition 
on  their  minds  and  high-level  technology 
execs  who  want  to  see  what's  coming 
down  the  pike,  this  event  is  for  start-ups 
to  take  the  stage  for  six  minutes  and 
give  their  pitch.  While  many  of  the  com¬ 
panies  have  a  consumer  focus,  DEMO 
offers  a  venue  for  spotting  new  technol- 


idents  of  Walt  Disney  and  CBS. 

As  for  the  show’s  focus,  you  may  need  to 
pass  by  dozens  of  consumer  gizmos  before 
coming  across  something  you  would  actu¬ 
ally  allocate  budget  for.  At  first  blush  enter¬ 
prise  IT  types  might  brush  off  all  that  gad- 
getry  as  irrelevant,  but  as  one  Network 
World  staffer  puts  it:  “Your  boss  called,  he’s 
shutting  down  the  branch  offices  and 
wants  the  sales  reps  to  work  from  home.  OK 
if  they  pick  out  their  own  [small  office/ 
home  office]  IT  gear,  expense  it  and  have 
you  support  it?”Visiting  CES  might  give  you 
the  familiarity  with  new  technology  you’d 
need  to  get  through  that  situation. 

Plus  there’s  the  celebrity  sightings:  Justin 
Timberlake,  Dana  Carvey  Tom  Hanks  and 
Morgan  Freeman  all  appeared  in  2006. 

RSA  Conference,  San  Francisco,  Feb.  6-9 

Going  on  its  16th  year,  the  RSA  Confer¬ 
ence  bills  itself  as  the  world’s  largest 
community  of  information  security  pro¬ 
fessionals.  Conference  tracks  delve  deep 
into  security  technology,  with  2007’s 
event  covering  aspects  such  as  authenti¬ 
cation  and  developing  with  security. 
However,  despite  the  technical  depth  of 
the  content,  it’s  easy  to  get  lost  in  the 
noise  of  this  conference  with  the 
“increasingly  Mardi  Gras-like  parade  of 
vendors,  speeches,  presentations  and 
other  events  that  may  overwhelm  the 
attendee,”  says  one  Network  World 
reporter. 

Any  vendor  serious  about  security  will 
be  on  hand.  Oracle  CEO  Larry  Ellison  will 
take  the  stage  for  the  first  time  at  this 
event, as  well  as  perennial  keynote  speak¬ 
ers  Gates  and,  of  course,  the  head  of  RSA 
Security,  now  owned  by  EMC.  The  theme 
for  the  2007  conference  is  “celebrating 


ogy  trends  in  the  enterprise  or  getting  a 
preview  of  consumer  developments  that 
might  make  their  way  into  the  corpo¬ 
rate  arena. 

IT  Roadmap  Conference  &  Expo, 

Boston  —  March;  Chicago  —  April; 
Santa  Clara  —  June;  Dallas  — 
September;  Washington,  D.C.  — 
November  (www.nwdocfinder.com/6527) 

These  one-day  events  tour  the  country 
throughout  the  year,  focusing  on  a  hand¬ 
ful  of  technologies  in  multiple  tracks. 
Mixing  content  from  analysts,  IT  cus¬ 
tomers  and  vendors,  next  year's  focus 
will  be  on  security,  VoIP,  data  centers, 
mobility,  network  access  control,  net¬ 
work  and  application  acceleration,  net¬ 
work  management  and  storage. 


the  influence  of  15th-century  Renais¬ 
sance  man  Leon  Battista  Alberti,  who  cre¬ 
ated  the  polyalphabetic  cipher/’  accord¬ 
ing  to  the  Web  site.  Perhaps  more  interest¬ 
ing  will  be  the  vendor-sponsored  Texas 
hold  ’em  contest. 

IBM's  SHARE  User  Events,  Tampa,  Fla., 
Feb.  11-16  and  San  Diego  Aug.  12-17 

User  events  can  be  tricky;  they  need  to  be 
technical  enough  to  get  serious  questions 
answered,  but  broad  enough  to  still  be 
interesting.  Attendees  say  the  quality  of  the 
technical  sessions  at  SHARE  User  Events  is 
high  and  the  access  to  IBM  engineers  and 
executives  is  impressive.  Perhaps  that’s 
because  the  event  is  organized  by  SHARE, 
which  is  an  independent,  volunteer-run 
IBM  user  association. 

The  event,  which  began  as  a  gathering 
of  mainframe  users  and  has  been  going 
on  for  more  than  50  years  (www.nw 
docfinder.com/6570),  bills  itself  as  a 
place  where  IBM  users  can  influence 
future  product  direction  and  get  a 
glimpse  of  new  technology  from  Big 
Blue  and  its  partners.  There  are  some 
wacky  antics  —  as  you  may  expect 
would  happen  at  any  show  that’s  been 
running  for  51  years  straight  —  such  as 
sing-alongs  and  Button  Man  sightings. 

LinuxWorld  OpenSolutions  Summit, 

New  York,  Feb.  14-15 

This  new  event,  aimed  at  corporate  IT 
professionals,  is  designed  to  reflect  Linux’s 
move  into  the  mainstream. The  agenda  is 
heavy  on  technical  sessions  and  case 
studies,  and  stresses  attendees  learning 
from  each  other. 

LinuxWorld  OpenSolutions  Summit 
grew  out  of  the  LinuxWorld  conference 


The  Security  Standard,  Chicago, 
September  (date  to  be  announced) 
(www.nwdocfinder.com/6526) 

Organized  by  Network  World  and 
other  IDG  publications,  this  event 
debuted  this  past  September  as  a  two- 
day  confab  designed  to  cover  the  busi¬ 
ness,  political,  technical  and  cultural 
challenges  surrounding  information 
security.  Highlights  of  this  year’s  event 
included  Cisco's  John  Chambers 
keynote  address,  a  panel  of  Microsoft 
executives  gathered  to  answer  securi¬ 
ty-related  questions  and  a  number  of 
speakers  from  enterprises  including 
Wal-Mart,  Thomas  Weisel  Partners, 
Liberty  Mutual  Insurance  Group  and 
Fidelity  Investments. 

—  Cara  Garretson 


to  better  focus  on  corporate  deployment 
of  open  systems  in  verticals  —  the 
February  show  will  cater  to  financial  ser¬ 
vices,  healthcare,  pharmaceutical,  retail, 
media  and  the  public  sector. Topics  to  be 
covered  include  security,  network  man¬ 
agement  and  interoperability,  applica¬ 
tions  and  best  practices,  virtualization, 
desktop  and  legal  issues. 

(This  event  is  organized  by  IDG  World 
Expo,  a  sister  company  to  Network  World!) 

VoiceCon,  Orlando,  March  5-8 

Billing  itself  as  the  place  to  “build  your  IP 
telephony  platform,”  VoiceCon  has  been 
around  for  16  years  and  has  a  concentrated 
audience  with  roughly  5,000  attending  the 
2006  spring  event.  The  content  also  is 
focused,  as  evidenced  by  the  speaker  line¬ 
up  that  includes  top  brass  from  Avaya, Cisco 
and  Nortel.  Sessions  will  touch  on  techni¬ 
cal  issues  such  as  1P-PBX  system  security  as 
well  as  business  concerns  such  as  the  orga¬ 
nizational  impact  of  migrating  to  con¬ 
verged  networks. 

Our  reporters  say  this  event  has  more 
enterprise  appeal  than  VON  and  better  con¬ 
tent  and  speakers  than  Internet  Telephony 
The  spring  version  of  this  show  will  be  the 
one  to  attend  in  2007. 

CTIA  Wireless,  Orlando,  March  27-29 

Run  by  CTIA  —  the  Wireless  Association 
(which  used  to  stand  for  the  Cellular 
Telecommunications  Industry  Association, 
but  the  group  is  looking  to  widen  its  focus), 
this  event  covers  the  spectrum  of  wireless 
developments,  but  its  bread  and  butter  con¬ 
tinues  to  be  cell  phones.  Still,  there  are 
some  enterprise  issues  on  the  event’s  2007 
schedule,  such  as  day-long  programs  dedi- 
See  Events,  page  14 
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Nortel 

continued  from  page  1 

communications,  including  the 
evolutions  on  IPWe  are  very 
committed  to  lead  again  and  we 
believe  we  are  bringing  our 
innovation  back  to  a  core  com¬ 
petency  [with]  smarter  commer¬ 
cialization  of  that  technology. 
And  most  important,  a  company 
that’s  going  to  make  business 
simple  and  more  flexible  than 
any  other  company  out  there. 

Your  plans  to  reduce  R&D  spending 
to  15%  from  17%  of  revenue  means 
your  total  annual  R&D  spend  will 
equal  that  of  Cisco  just  in  the  ser¬ 
vice  provider  market.  How  do  you 
compete  when  you're  being  out- 
spent  by  that  much? 

We  are  very  committed  to 
being  really  relevant  in  all  of  the 
places  where  we  participate.  We 
are  a  strong  No.  2  in  [Code 
Division  Multiple  Access] ,  for 
example.  No.  2  in  [enterprise] 
VoIRNo.2  in  Ethernet  switching; 
No.  1  in  carrier  VoIP  [and]  in 
Metro  Ethernet;  No.  1  in  packet 
switching  and  No.  2  in  optical. 
One  of  the  reasons  we  decided 
to  exit  [Universal  Mobile 
Telecommunications  System] 
(www.nwdocfinder.com/6572)  is 
just  for  that  reason:  four  or  five 
point  market  share,  maybe 
seven.  We  were  so  insignificant. 
The  challenge  for  us  is  spending 
well. We  are  not  underspending 
relative  to  revenues. 

Some  analysts  view  Nortel's 
absence  in  the  current  rounds  of 
consolidation  to  be  a  detriment.  Is 
consolidation  necessary  for  Nortel's 
long-term  survival? 

We  are  in  favor  of  consolida¬ 
tion.  Fewer  [carrier]  customers 
presents  some  pricing  advan¬ 
tages.  Do  we  plan  to  grow  inor¬ 
ganically?  Yes,  we  bought 
Tasman  Networks  [for  enterprise 
routing]. We  bought  [govern- 
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WiMAX  buyer's  guide 

This  guide  includes  product  descriptions 
for  WiMAX-enabled  equipment,  including 
base  stations,  subscriber  units  and 
access  points.  Products  can  include 
equipment  aimed  at  carriers  in  addition 
to  enterprises. 

www.nwdocfinder.com/1050 


MWe  need  to  walk  before 
we  can  run  and  we  have 
quite  a  big  opportunity  in  the 
enterprise. . 


Mike  Zafirovski ,  CEO,  Nortel 


ment  integrator]  PEC.  We  have 
the  joint  venture  with  LG 
[Electronics], 

The  Lucent  and  Alcatel  combi¬ 
nation  is  complementary  [to 
both  companies] .  Lucent  is  big 
in  CDMA,  Alcatel  is  not,  for 
example.  Would  bulking  up  or 
complementing  some  of  our 
portfolio  at  some  time  in  the 
future  be  beneficial?  The  short 
answer  is: of  course. Well  keep 
our  eyes  on  it  very  much. 

Do  you  have  any  specific  goals  or 
priorities  for  each  line  of  business 
-  Mobile,  Metro  Ethernet, 

Enterprise  and  Global  Services  - 
going  into  2007? 

We  just  spent  two  pretty  long 
days  on  budgets.  It’s  pretty  excit¬ 
ing  to  think  what  we  will  be 
able  to  do  with  the  enterprise 
side.  And  to  take  full  advantage 
of  the  collaboration  with 
Microsoft  [on  unified  communi¬ 
cations]  .Also,  we  will  be  work¬ 
ing  very  closely  with  companies 
like  IBM  to  start  introducing  the 
concept  of  ‘Nortel  Inside.’ 

[Nortel  declined  to  elaborate 
on  this  campaign,  which  it 
plans  to  detail  next  year.  Nortel 
and  IBM  already  collaborate  on 
development  of  IP  Multimedia 
Systems  applications  using 
servers  from  both  companies, 
plus  IBM  software.]  Also  we  are 
quite  bullish  on  what’s  going  to 
happen  with  WiMAX. 

Nortel’s  been  quoted  as  sizing  the 
WiMAX  market  at  $7.5  billion  by 
2010.  Is  the  company  sticking  with 
that  forecast  and  are  you  seeing  a 
return  on  your  increased  invest¬ 
ment  in  WiMAX? 

We  are  already  taking  revenue. 
We  are  very  excited  about  our 
announcement  on  a  transaction 
with  Chunghwa  Telecom  from 
Taiwan.  Not  a  trial,  but  an  actual 
order,  which  we’ll  be  delivering 
in  the  first  part  of  next  year.  As 
Sprint,  Chunghwa  Telecom  or 
the  established  players  demon¬ 
strate  the  power  of  WiMAX,  1 
believe  the  upside  is  greater 
than  the  downside,  with  respect 
to  the  size  of  that  market. 


What  can  enterprises  expect  next 
year  from  your  alliance  with 
Microsoft? 

Much  stronger  alignment, 
even  on  the  existing  products 
—  [Microsoft’s  Live 
Communications  Server]  and 
our  product.  What  they  are 
going  to  be  able  to  see  is  a  very 
robust  transition  plan  from 
whatever  customers  currently 
have  to  eventually  unified  com¬ 


NET  INSIDER 
Scott  Bradner 


Last  January  I  made  some  pre¬ 
dictions  in  this  column.  Now  that 
the  year  is  ending,  it’s  time  to  see 
how  I  did  on  a  scale  of  -5  to  +5. 

•  1  predicted  the  courts  would 
throw  out  the  FCC’s  Communi¬ 
cations  Assistance  for  Law  En¬ 
forcement  Act  extensions.  That 
has  not  happened  —  yet.The  first 
court  upheld  the  extension  and 
an  appeal  of  that  decision  was 
denied  earlier  this  month.  The 
game  is  not  over  but  it’s  not  look¬ 
ing  good. -3 

•  1  made  the  call  that  the  under¬ 
lying  purpose  of  the  replacement 
for  the  current  telecom  law 
would  be  to  protect  incumbent 
telephone  companies.  That  clear¬ 
ly  was  the  intent  for  the  bill  that 
was  pending  when  Congress 
recessed  without  acting  on  it. +5 

•  1  predicted  proponents  for  a 
new  telecom  bill  would  claim 
that  it  would  ensure  an  open 
Internet  and  competition  for 
users,  enable  new  applications 
and  continue  the  growth  of  the 
Internet.  I  read  all  of  those  asser¬ 
tions  by  the  traditional  telecom 
folks  during  the  debates. +5 

•  I  talked  about  my  SCO  Group 
predictions  last  week  (www.nw 
docfinder.com/6524).  1  was  all 


munications  solution. They’ll 
see  part  of  that  in  the  latter  part 
of  2007  and  of  course,  that’s 
going  to  become  more  preva¬ 
lent  in  2008  and  beyond.  Most 
significantly,  this  is  opening 
doors  for  both  of  us. 

Any  plans  to  expand  into  the  con¬ 
sumer  market? 

Not  yet.  We  need  to  walk 
before  we  can  run  and  we  have 
quite  a  big  opportunity  in  the 
enterprise  —  large,  medium,  and 
[small  and  midsize  businesses]. 

How  would  you  sum  up  Nortel's 
progress  since  you  joined? 

We’re  absolutely  thrilled  with 
the  reception  from  customers 
and  employees  as  well  as  with 
our  prioritization  on  bolstering 


wrong  (although  I  was  close 
when  I  said  SCO  would  not  be 
able  to  show  any  examples  of 
protected  code). -5 

•  I  said  the  U.S.  Patent  Office 
would  increase  the  number  of 
patents  with  obvious  prior  art.  It’s 
hard  to  tell  on  this.  There  has  cer¬ 
tainly  been  some  news  coverage 
of  patents  that  looked  at  first 
blush  to  be  obvious,  but  it  will 
take  some  time  to  understand 
how  bad  (or  good)  things  are 
with  the  Patent  Office.  0 

•  I  predicted  Congress’s  data 
protection  and  privacy  laws 
would  not  do  much  more  than 
override  strong  state  laws.  I  was 
wrong  on  this,  but  only  because 
Congress  did  almost  nothing  in 
this  area  other  than  a  quite  rea¬ 
sonable  antipretexting  law  that 
was  sent  to  the  president.  Other 
than  that  one  aberration,  which 
was  driven  by  the  publicity 
around  the  HP  case,  Congress 
did  not  do  the  useful  things  that 
I  thought  it  would  not  do. +4 

•  I  predicted  AT&T’s  half-billion- 
dollar  ad  campaign  would  do  lit¬ 
tle  more  than  enrich  an  ad  com¬ 
pany  I’ve  thought  about  it,  and  1 
do  not  recall  any  AT&T  ads.  So  it 
looks  to  me  like  any  money  spent 
was  not  well  spent.  +5 

•  I  predicted  Intel  spending  $2 
billion  and  never  mentioning 
Intel  Inside  also  would  mostly 


the  processes,  putting  in  Six 
Sigma  [principles]  to  address 
our  quality  standards  and  reinsti¬ 
tuting  [time-to-market]  —  a 
sophisticated  product  introduc¬ 
tion  process  that  the  old  Nortel 
used  to  have  to  really  pump 
products.  I  give  ourselves  an  A- 
plus  on  that. 

I  wish  we  had  made  more 
progress  on  our  gross  margins 
[Nortel  was  shooting  for  40%- 
plus  but  came  in  at  38%  in  the 
third  quarter,  down  from  39% 
the  year  before]. We’ve  been 
able  to  become  more  competi¬ 
tive  but  industry  pricing  has 
also  been  quite  challenging, 
particularly  on  the  carrier  side. 
The  good  news  is  we  have  sta¬ 
bilized  our  gross  margin 
declines.  ■ 


enrich  an  ad  company  I  do 
remember  seeing  some  Intel  not- 
Inside  ads,  but  they  did  not  stick 
with  me.Advanced  Micro  Devices 
made  more  progress  in  a  number 
of  areas  —  and  I  still  do  not  know 
what  Vi  iv  stands  for. +4 

•  I  anticipated  that  Sony’s  root- 
kit  settlement  would  just  help 
Eliot  Spitzer  become  governor  of 
New  York.  Well,  he  made  it,  and 
there  was  no  other  visible  out¬ 
come. +5 

•  1  predicted  that  the  number 
of  serious  security  issues  in  Win¬ 
dows  would  be  too  many  to 
count.  That  was  not  quite  the 
case.  The  CERT  reported  5,340 
vulnerabilities  in  the  first  three 
quarters  of  2006  —  many  of 
them  Windows-related,  (www.nw 
docfinder.com/  6523)  +2 

•  Finally,  I  predicted  that 
Apple’s  Intel-based  approach 
would  double  its  market  share 
and  be  broken  quickly  permit¬ 
ting  the  software  to  run  on  any 
Intel  platform.  Both  predictions 
were  right. +5 

That’s  27  out  of  a  possible  55. 

Disclaimer:  Harvard  keeps  score 
of  presidents  and  Nobel  prize 
winners,  not  predictions,  so  the 
above  must  be  mine. 

Bradner  is  Harvard  University’s 
technology  security  officer.  He  can 
be  reached  at  sob@sobco.com. 
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cated  to  VoIP  mobility  and  wireless  data, 
the  spring  show  —  the  event  features  a 
mobile  fashion  show  of  wearable  electron¬ 
ics,  and  among  the  industry  luminaries  who 
have  spoken  in  the  past  are  entertainment 
kingpins  Sean  “RDiddy”  Combs  and  Russell 
Simmons. 

Gartner  Symposium/IT  Expo,  San 
Francisco,  April  22-26 

This  conference  covers  a  wide  range  of  tech¬ 
nologies,  business  issues  and  management 
strategies,  but  with  the  benefit  of  the  Gartner 
analysts’  filters;  all  attendees  have  the  opportu¬ 
nity  to  meet  face-to-face  with  as  many  as  three 
Gartner  analysts  during  the  event.  The  speaker 
lineup  for  2007  isn’t  out  yet,  but  this  year’s 
event  attracted  Microsoft  CEO  Steve  Ballmer 
and  Cisco  CEO  John  Chambers,  both  of  whom 
took  the  stage  to  be  grilled  by  Gartner  analysts. 
And  the  analysts  do  the  bulk  of  the  presenting 
at  the  event,  corralling  most  of  the  vendors  to 
the  expo  floor. 

The  event  is  small  and  expensive;  2006’s 
show  had  6,000  attendees,  and  early  bird  reg¬ 
istration  for  the  2007  conference  is  $3,495. 
However,  in  addition  to  access  to  Gartner  ana¬ 
lysts,  the  event  offers  attendees  access  to  each 
other. “The  way  the  show  is  laid  out  ...  every¬ 
body  eats  breakfast  and  lunch  together  in  a 
huge  tent.This  provides  a  great  way  for  people 
to  network,”  a  Network  World  editor  says. 

The  event  is  open  to  all  IT  professionals,  not 
just  Gartner  clients. 

Web  2.0  Expo,  San  Francisco,  April  15-18 

This  new  show  grew  out  of  the  Web  2.0 
Conference,  which  has  become  an  invitation- 
only  event  focused  on  next-generation  Inter¬ 
net  technologies.lt  is  supposed  to  focus  on  the 
practical  application  of  Web  2.0  principles, 
and  will  feature  an  expo  floor  as  well  as  tech¬ 
nical  sessions  and  tutorials. 

Skipping  the  big  ideas  behind  Web  2.0  in 
favor  of  finding  out  how  to  make  these  tech¬ 
nologies  work  sounds  like  a  wise  way  to  spend 
your  travel  budget. 

Storage  Decisions,  Chicago,  May  5-7 

This  highly  focused  event  —  the  one  in 
September  attracted  500  storage  managers  — 
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aims  to  interest  both  storage  specialists  as  well 
as  IT  executives  by  covering  technical  and 
business  issues  related  to  storage.  With  such  a 
small  number  of  attendees, the  event  bills  itself 
as  a  great  place  to  network  with  “true  peers.” 

Little  information  is  available  about  the  May 
2007  event,  as  the  Web  site  focuses  on  the 
pending  December  show,  which  has  as  a 
theme  scaling  storage  while  managing  costs. 
The  speaker  list  for  these  shows  is  heavy  on 
analysts  and  consultants,  with  some  vendors 
and  users  mixed  in. 

Interop,  Las  Vegas,  May  20  -25 

Billing  itself  as  the  meeting  place  for  the 
IP  infrastructure  market  for  the  past  20 
years,  the  spring  version  of  Interop  really 
can’t  be  missed,  unlike  its  fall  counterpart, 
which  in  2007  will  be  in  New  York  and  has 
become  something  of  a  snoozer.  Not  only 
do  the  show  organizers  arrange  programs 
by  technology  -  next  spring’s  show  promis¬ 
es  to  cover  application  networks,  data  cen¬ 
ter,  infrastructure,  network  security, VoIP  and 
collaboration,  and  wireless  and  mobility  — 
but  there  are  also  boot  camps  tailored  to 
specific  titles. 

As  expected  the  show  took  a  hit  in  atten¬ 
dance  following  the  dot-com  bust  and  its 
effect  on  the  network  industry,  as  well  as  the 
tightening  of  IT  budgets  that  ensued.  But  In¬ 
terop  Spring  2006  saw  a  bit  of  a  renaissance 
in  interest  and  buzz,  attracting  around 
18,000  attendees,  according  to  conference 
organizers.  Next  year’s  event  promises  more 
of  the  same. 

NXTComm,  Chicago,  June  18-21 

This  new  show  is  the  melding  of  two  existing 
events,  GlobalComm  (which  grew  out  of 
Supercomm)  and  TelecomNext.  Put  on  by  the 
Telecom  Industry  Association  and  the  United 
States  Telecom  Association,  this  is  another 
event  billed  as  the  place  where  the  IT  and 
entertainment  industries  converge  —  albeit 
with  more  of  a  telecom  slant. 

Not  much  is  known  about  the  event  —  the 
organizers  haven’t  even  officially  decided  on  a 
show  logo  yet  —  but  predictions  put  the  num¬ 
ber  of  attendees  at  22,000.  Because  it  will  fill 


the  void  left  by  the  closing  of  two  other  shows, 
it’s  likely  to  become  the  defacto  must-attend 
telecom  show.  Hopes  are  that  the  event  will 
regain  much  of  the  value  and  buzz  that 
Supercomm  enjoyed  in  its  heyday 

Alternates 

If  you’ve  got  schedule  conflicts  or  quarterly 
travel  budget  restraints  that  would  keep  you 
from  attending  one  of  these  shows,  consider 
the  following  alternatives: 

InfoSec  World,  Orlando,  March  19-21 

If  you  can’t  make  it  to  the  RSA  Conference, 
InfoSec  is  a  good  alternative.  A  bit  quieter  than 
the  RSA  Conference,  InfoSec  also  focuses  on 
all  things  security  and  in  2007  will  offer  ses¬ 
sions  on  a  range  of  topics  including  risk  man¬ 
agement,  identity  theft  and  endpoint  security 
to  mention  a  few. There  also  will  be  a  few  one- 
day  summits  that  drill  down  on  specific  topics, 
such  as  compliance,  and  a  special  track  for 
CISOs.  Plus,  who  would  want  to  miss  William 
Shatner’s  keynote  address  entitled  “A  trek  from 
science  fiction  to  science  fact”? 

Voice  on  the  Network,  Boston,  Oct.  29-Nov.  1 

Celebrating  its  10th  anniversary  this  year 
with  roughly  10,000  attendees  at  the  fall  event, 
VON’s  focus  encompasses  IP  communication 
in  the  enterprise  and  the  development  of 
Internet-based  entertainment.  Speakers  at  this 
year’s  fall  event  ran  the  gamut  from  Ted 
Leonsis,  vice  chairman  of  AOL,  who  talked 
about  the  company’s  expanding  video  ser¬ 
vices,  to  enterprise  types  such  as  a  network  en¬ 
gineer  at  Liberty  Mutual  who  stressed  the  im¬ 
portance  of  VoIP  security  Next  year’s  fall  event 
will  cover  VoIP-related  topics  as  diverse  as 
fixed  mobile  convergence  and  IPTV 

Storage  Networking  World,  San  Diego, 

April  16-19 

Organized  jointly  by  Network  World  sister 
publication  Computerworld  and  the  Storage 
Networking  Industry  Association,  this  relatively 
young  event  enters  its  ninth  year  in  2007.  The 
event  promises  to  highlight  storage  trends 
while  featuring  user  case  studies  and  offering 
hands-on  tutorials  from  SNIA.B 


USPS 
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cess  of  upgrading  the  3,000  sites  that  we 
brought  on  to  high-speed  data  services  of  the 
future.” 

Today,  Verizon  Business  has  75%  to  80%  of 
USPS  network  traffic,  while  AT&T  has  the  rest. 

USPS  is  a  major  customer  for  both  carriers. 
Verizon  Business  earned  $129  million  on  its 
USPS  business  in  2005  and  is  expected  to 
earn  a  similar  amount  in  2006,  according  to 
Federal  Sources,  a  McLean,  Va.,  market- 
research  firm.  Meanwhile,  AT&T  has  grown 
its  USPS  business  from  $4.8  million  in  2005 
to  an  estimated  $35  million  in  2006. 

Dual  sourcing  is  a  good  strategy,  but  it 
requires  additional  management  overhead 


to  oversee  two  contractors  instead  of  one, 
says  Ray  Bjorklund,  senior  vice  president  at 
Federal  Sources. 

“Having  a  single  contractor  is  a  whole  lot  eas¬ 
ier;”  Bjorklund  says,  “but  the  service  perfor¬ 
mance  often  does  go  up  with  dual  sourcing.” 

USPS  is  getting  better  prices,  better  services 
and  upgrades  because  of  the  competition 
between  Verizon  Business  and  AT&T. 

“If  you  go  to  install  a  site,  AT&T  or  Verizon 
will  ask  for  $1,000  for  an  install,”  Otto  says. 
“You  can  get  them  to  negotiate  that  price  by 
pitting  them  against  each  other.  One  waived 
the  fee  and  the  other  reduced  it  to  such  a 
low  number  that  it’s  not  important.  If  you’re 
installing  6,000  sites  and  being  charged 
$1,000  a  site,  you’re  spending  $6  million  for 
the  privilege  of  installing.”  ■ 
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Bridge  Venture  Partners  alone 
counts  BlueNote  Networks,  Blue- 
Shift  and  Bluespec  among  its 
investments.The  Bluetooth  wire¬ 
less  technology  has  created  a 
spectrum  of  colorful  companies 
from  BlueAnt  to  Bluetrek. 

Not  that  the  industry’s  color 
palette  is  limited  to  blue  and  its 
association  with  loyalty  and  trust- 
worthiness.There’s  also  France 
Telecom’s  Orange  mobile  busi¬ 
ness,  Google’s  yellow  enterprise 
search  boxes,  a  rainbow  of  wiring 
color  standards  and  Apple  prod¬ 
ucts,  and  everything  from  the 
Black  Hat  briefings  for  security 
experts  to  such  new  companies 
as  Code  Green  Networks. 

Red  is  popular,  too.  Novell  has 
been  called  Small  Red  and  Big 
Red  for  its  Pantone  485-shaded 
logo  and  the  boxes  in  which  it 
shipped  NetWare  (not  for  its 
financial  results  in  recent  years). 
Ray  Noorda,  the  company’s  late 
CEO,  used  to  tell  a  story  about 
walking  into  a  computer  store 
and  asking  the  clerk  what  color 
box  stood  out  the  best  on  the 
shelf. The  clerk  said  red,  so 
Noorda  went  with  that. The  offi¬ 
cial  story  out  of  Novell  today  is 
that  the  company  did  a  Christ¬ 
mastime  launch  in  the  mid-1980s 
and  decided  on  red,  which  stuck. 


Novell  competitor  Red  Hat  has 
made  a  name  for  itself  in  Linux, 
due  in  part  to  co-founder  Bob 
Young  hamming  it  up  for  the 
cameras  wearing  a  red  fedora. 
Young  has  said  one  reason  the 
company  is  called  Red  Hat  is 
that  red  symbolizes  revolution 
and  liberation.  More  specifically, 
the  name  came  from  co-founder 
Marc  Ewing’s  penchant  for  wear¬ 
ing  a  red  lacrosse  cap  when  he 
was  at  Carnegie  Mellon  Univer¬ 
sity,  as  well  as  his  habit  of  nam¬ 
ing  his  software  projects  Red 
Hat  1 ,  Red  Hat  2  and  so  on. 
While  the  company  originally 
used  a  clip-art  top  hat  as  its  sym¬ 
bol,  today  it  boasts  a  red  fedora 
that  has  a  great  deal  of  meaning 
for  the  company,  says  Chris 
Grams,  director  of  brand  com¬ 
munications  and  design. “The 
fedora  has  become  a  symbolic 
gift  that  Red  Hat  gives  to  em¬ 
ployees  and  others  who  have 
done  great  honor  to  or  service 
for  the  compand’  he  says.“We  all 
wear  our  fedoras  with  pride.” 

Because  of  Red  Hat’s  strong 
brand  recognition,  it  hasn’t  had 
problems  with  customers  confus¬ 
ing  it  with  other  red  companies, 
such  as  telecom  equipment 
maker  Redback.  From  time  to 
time,  however,  it  does  get  mixed 
up  with  the  Red  Hat  Society  an 
organization  for  women  50  and 
older,  who  wear  red  hats  when 


Network  rainbow 

A  sampling  of  the 
industry's  colorful  side. 

•  Red  Hat  co-founder 
Bob  Young  sports  the 
company  colors  on 
the  cover  of  his  book. 


•  IBM  didn't  embrace 
its  Big  Blue  moniker 
right  away,  but 
eventually  even  used 
it  on  its  annual  report  cover. 


Don't  be  confused:  Even 
Extreme  Networks' 
BlackDiamond  switches 
are  purple. 


they  get  together. “We  do  occa¬ 
sionally  get  the  opportunity  to 
talk  to  nice  older  women  about 
why  they  should  consider  using 
Linux  and  open  source  technol¬ 
ogy’  Grams  says. 

Purple  power 

Extreme  Networks  is  a  com¬ 
pany  of  a  different  color:  purple. 

Chairman  Gordon  Stitt,  who 
co-founded  Extreme  in  1996, 
proudly  pleads  guilty  to  choos¬ 
ing  for  his  company  the  color  of 
Teletubby  Tinky-Winky  and 
singer  Donny  Osmond. The 
choice  (made  in  conjunction 
with  an  outside  designer)  grew 
out  of  Extreme’s  logo  color, 


IBM  releases  free  search  software 


BY  JOHN  FONTANA 

IBM  and  Yahoo  last  week  released  free  search  soft¬ 
ware  aimed  at  small  and  midsize  businesses  that 
want  to  search  across  their  internal  documents  and 
content.  IBM  is  using  price  to  battle  competitors  who 
also  are  aiming  entry-level  search  software  at  corpo¬ 
rate  and  departmental  users. 

IBM  OmniFind  Yahoo  Edition  lets  companies 
crawl  file  servers  and  index  intranet  pages.  It  also 
includes  an  option  for  searching  across  the  Web 
via  Yahoo  search. 

The  entry  level  software,  which  runs  on  Windows  or 
Linux  servers,  lets  users  index  as  many  as  500,000 
documents  per  server,  supports  more  than  200  file 
types  and  can  read  files  in  more  than  30  languages. 
Unlimited  telephone  support  is  available  from  IBM 
for  $2,000  per  year. 

With  the  new  release,  IBM  is  not  only  making  a  play 
to  boost  the  visibility  of  its  OmniFind  line  of  search 
software,  but  also  taking  a  shot  at  Google,  which 
offers  an  entry-level  search  product  called  the  Mini 
that  is  priced  at  $2,000.  IBM  also  hopes  to  put  pres¬ 
sure  on  Microsoft,  which  just  introduced  the  Share- 
Boint  Server  2007  for  Search,  which  is  only  available 
to  Microsoft’s  volume  licensing  customers. 


“I  would  not  be  surprised  if  Microsoft  comes  out 
with  a  free  product  or  if  Google  tries  to  differentiate 
its  Minis  in  some  way’  says  Matt  Brown,  an  analyst 
with  Forrester  Research. 

Users  are  jumping  on  OmniFind  Yahoo,  including 
Decision  Critical  in  Austin, Texas,  which  offers  hosted 
services  that  help  hospitals  plan  and  assign  training 
courses  to  nurses  and  other  personnel. 

“We  are  not  in  the  content  business, so  the  chal¬ 
lenge  that  we  have  is  that  the  content  provided  by 
our  partners  is  in  many  different  forms,”  says  Eric 
BrierleyCTO  of  Decision  Critical.  The  company  pro¬ 
vides  access  to  more  than  450  continuing  education 
courses  for  about  300,000  users  at  400  hospitals. 

Brierley  says  he  can  filter  search  results  for  individ¬ 
ual  users  because  not  all  hospitals  subscribe  to  all 
the  content  Decision  Critical  provides. 

OmniFind  Yahoo  Edition  includes  features  such  as 
automatic  spell  correction,  support  for  synonyms 
and  shortcuts,  wildcard  support  to  substitute  for 
unknown  characters,  query  reporting  and  graphical 
user  interface  customization.  High-level  security  fea¬ 
tures,  however,  are  not  available  until  a  user  steps  up 
to  the  OmniFind  Enterprise  Edition,  which  is  priced 
starting  at  $30,000.  ■ 


which  stemmed  from  the  then- 
start-up’s  desire  to  create  a  dis¬ 
tinctive  personality. 

“The  color  was  a  pretty  big  part 
of  our  story’  Stitt  says.“People  at 
trade  shows  would  look  at  our 
products  and  ask  why  they  were 
purple.lt  gave  us  an  opportunity 
to  tell  our  story  about  a  new 
class  of  products  called  Layer  3 
switches  that  give  you  10  times 
the  performance  of  a  router  at  a 
10th  the  price  and  give  you  qual¬ 
ity  of  service.” 

Stitt  says  the  company’s  loyal 
followers  refer  to  themselves  as 
“painting  their  data  centers  pur¬ 
ple”  or  “bleeding  purple.”  New- 
employee  orientations  stress  “pur¬ 
ple  powerfthe  internal  name  for 
a  product  launch  is  Purple  Reign 
and  Extreme’s  partners  work  with 
it  through  the  Go  Purple  pro¬ 
gram.  Microsoft,  a  big  customer, 
once  sent  the  company  a  Barney 
dinosaur  doll  after  receiving  an 
order  of  Extreme  switches,  Stitt 
says.“It’s  embedded  in  the  cul¬ 
ture,”  he  says. 

Steve  Mullaney  vice  president 
of  marketing  at  Blue  Coat 
Systems,  says  using  colors  to  mar¬ 
ket  a  company  and  its  products 
is  a  time-honored  tradition  that 
transcends  the  network  and  IT 
industries.The  goal  is  to  get  an 
emotional  response,  he  says. 
“Whether  red  to  underscore 
urgency  or  exclamation,  purple 
to  stand  out  from  the  crowd,  or 
blue  to  elicit  security  and  com¬ 
fort,  no  one  can  view  colors  with¬ 
out  feeling  some  unconscious 
emotional  effect,”  he  says.“It’s 
even  becoming  more  apparent 
in  sector  references  like  ‘green 
technologies.’” 

Michael  Hyatt,  the  CEO  of  Blue- 
Cat,  acknowledges  that  there  are 
a  lot  of  blue  network  companies 
but  says  he  doesn’t  lose  sleep 
over  people  possibly  getting  his 
company  confused  with  others. 
“It’s  not  just  about  being  named 
differently  but  being  branded  dif¬ 
ferently’  he  says,  while  wearing  a 
black  baseball  cap  adorned  sim¬ 
ply  with  the  company’s  blue  cat 
logo,  not  its  name.  He  points  to 
the  ways  his  company  makes 
itself  stand  out  (aside  from  its 
technology  and  people):  creative 
tchotchkes,  such  as  BlueCat- 
labeled  wine  produced  in  the 
south  of  France,  and  full-blown 
poker  sets. 

Why  Big  Blue? 

Now  back  to  IBM  and  its  nick¬ 
name,  which  made  its  first 


appearance  in  the  press  in  a 
1981  Business  Week  story  accord¬ 
ing  to  LexisNexis  and  other 
search  engines,  that  cited  “the 
pervasiveness  of  IBM’s  blue  com- 
puters.”We  asked  longtime  IBM 
watchers  where  the  nickname 
came  from  and  got  a  boatload  of 
plausible  explanations,  including: 
IBM’s  status  as  a  Blue  Chip  com¬ 
pany  the  blue  suits  traditionally 
worn  by  the  company’s  execu¬ 
tives,  the  blue  covering  on  its 
mainframes  and  other  products 
during  the  1960s,  and  even  the 
big,  blue  letters  in  its  logo. 

To  sort  things  out,  we  put  the 
question  to  Paul  Lasewicz,  IBM’s 
corporate  archivist,  but  even  he 
said  the  answer  wasn’t  black 
and  white:“There’s  no  definitive 
answer  to  that,  except  to  say  that 
the  term  first  emerged  outside  of 
IBM,  apparently  in  the  early 
1980s,  although  we  can’t  con¬ 
firm  that.” 

What  is  known  is  that  IBM  ini¬ 
tially  shunned  the  term  and  even 
got  into  a  legal  scrape  with  a 
computer  distributor  called  Big 
Blue  Products  in  the  late  1980s 
over  the  term’s  use.  Eventually 
IBM  embraced  the  moniker,  even 
using  it  on  its  1995  annual  re¬ 
port’s  cover, “The  New  Big  Blue.” 
IBM  has  gone  on  to  work  the 
color  into  the  names  of  some  of 
its  supercomputers,  such  as  Deep 
Blue  and  Blue  Gene. 

While  some  might  find  all  these 
colorful  company  and  product 
names  a  bit  much,  things  could 
be  worse,  Blue  Coat’s  Mullaney 
says.“It’s  at  least  more  dignified 
than  all  those  networking  com¬ 
panies  who  felt  the  need  to  use 
their  company  name  to  answer 
the  question, ‘If  you  were  a  tree, 
what  kind  of  tree  would  you 
be?”’  he  says.  ■ 

Do  you  know  your 
network  colors? 

•  Take  our  quiz  on  the  colors  of 
networking. 

www.nwdocfinder.Goin/6566 

•  More  on  why  Red  Hat  is  called  that. 

www.nwdocfinder.coni/6567 


•  A  brief  Q&A  with 
Extreme  Chairman 
Gordon  Stitt. 

www.nwdocfinder. 
com/6568 

•  The  story  behind  France  Telecom’s 
Orange  business. 

www.nwdocfinder.com/6569 


By  2010,  the  increase  in  expense  to  power  and  cool  servers  is  projected  to  be  approximately  four  times  the 
increase  in  new  server  spending.1  The  IBM  System  x3655  Express  can  help  control  rising  energy  costs  starting 
today.  How?  It  comes  with  an  ingenious  technology  called  PowerExecutiveT  which  allows  you  to  allocate 
power  to  each  server,  helping  to  optimize  and  save  you  money.2  Only  IBM  has  it.  The  x3655  is  just  one  of 
many  Express  systems  designed  for  business  performance  computing.  With  IBM,  innovation  comes  standard. 
So  why  waste  energy  on  anything  else? 


AUTOMATICALLY  PUTS 
YOUR  BUSINESS  INTO 
ENERGY-SAVING  MODE. 


IBM  System  x3655  Express 

Mission-critical  availability  and  performance  in  an  affordable  package. 


Monitor  power  consumption  and  allocate  power  where  needed  with  PowerExecutive 


64GB  maximum  low-power  DDR2  memory 


Choose  flexibility  and  robust  I/O  configuration  with  IBM  extended  I/O 


Featuring  the  Next-Generation  AMD  Opteron™  processor  with  AMD  PowerNow!™  technology 


Limited  warranty:  3  years  on-site3 


From  $2,359*  or  $61/month4 


AMDil 


Opteron 


‘All  puces  are  IBM's  estimated  retail  selling  prices  as  ol  October  3, 2006  Prices  may  vary  according  to  configuration.  Resellers  set  their  own  prices,  so  reseller  prices  to  end 
users  may  vary.  Products  are  subject  to  availability.  This  document  was  developed  for  offerings  in  the  United  States.  IBM  may  not  otter  the  products,  features  or  services 
discussed  in  this  document  in  other  countries.  Prices  subject  to  change  without  notice.  Starting  price  may  not  include  a  hard  drive,  operating  system  or  other  features. 
Contact  your  IBM  representative  or  iBM  Business  Partner  tot  the  most  current  pricing  in  your  geography.  1.  Based  on  * IDC.  'The  impact  of  Power  and  Cooling  on  Data 
Center  Infrastructure,'  Document  #201722.  May  2DC6’  page  si*,  which  highlights  that  a  rapidly  rising  server-installed  base  is  projected  to  drive  an  increase  in  the  cos!  of 
power  and  cooling  over  the  next  five  years.  2.  PowerExecutive  can  help  save  power  during  periods  ot  lower  utilization.  3.  IBM  hardware  products  are  manufactured  from 
new  parts,  or  new  and  serviceable  used  parts  Regardless,  our  warranty  terms  apply.  Telephone  support  may  be  subject  to  additional  charges.  For  on-sile  labor.  IBM  will 
attempt  lo  diagnose  and  resolve  the  problem  remotely  before  sending  a  technician.  On-sitc-  warranty  is  available  only  tor  selected  components.  4,  IBM  Global  Financing 
offerings  are  provided  through  IBM  Credit  LLC  in  the  United  States  and  other  IBM  subsidiaries  and  divisions  worldwide  lo  qualified  commercial  and  government  customers. 
Monthly  payments  provided  are  tor  planning  purposes  only  and  may  vary  based  on  your  credit  and  other  (actors.  Lease  otter  provided  is  based  on  a  FMV  lease  ol  36  monthly 
payments.  Other  restrictions  may  apply.  Rales  and  offerings  are  subject  to  change,  extension  or  withdrawal  without  notice  Information  about  non-IBM  products  is  obtained 
irom  the  manufacturers  ot  ihosc  products  or  their  published  announcements.  IBM  has  not  tested  those  products  and  cannot  confirm  the  performance,  compatibility  or  any 
other  claims  related  to  non-  IBM  products.  Questions  on  the  capabilities  of  non-IBM  products  should  be  addressed  to  the  suppliers  ol  those  products  IBM.  the  IBM  logo 
and  PowerExecutive  are  trademarks  or  registered  trademarks  oi  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries  AMD,  the  AMD 
logo,  AMD  Opteron  and  AMD  PowerNow!  are  trademarks  ot  Advanced  Micro  Devices.  Inc.  Other  company,  produd  and  service  names  may  be  trademarks  or  service  marks 
ot  others  ©2006  IBM  Corporation.  All  rights  reserved 


WHY  WAIT? 

PAY  $0  FOR  THE  NEXT  3  MONTHS. 

Get  the  System  x3655  Express 
now  and  defer  payment  for  the 
next  3  months. 

Learn  more  at: 


ibm.com/ 

s  y  s  t  e  m  s  /  i  n  no  vate60 


1  866-872-3902 

mention  104CE45A 
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SPECK  FBI  IS 

IP-based  digital  video  surveillance  grows  up 

Cisco,  IBM,  Mobitex  and  others  growing  IP-based  digital  security  systems 


BY  ELLEN  MESSMER 

ideo  surveillance  traditionally  has 
been  a  closed-circuit,  analog 
affair  run  by  a  company’s  physi¬ 
cal-security  staff.  But  with  the  rise 
of  IP-based  digital  systems,  video  surveil¬ 
lance  has  become  just  another  applica¬ 
tion  on  the  corporate  network  managed 
by  the  IT  department. 

Motion-activated,  IP-based  digital  surveil¬ 
lance  cameras,  including  those  from  Mobi¬ 
tex  and  Axis,  capture  better  detail  than  ana¬ 
log  cameras  do.  Their  video  footage  typic¬ 
ally  is  stored  in  corporate  servers  and 
shared  over  IP  networks.  But  digital  cam¬ 
eras  tend  to  be  almost  double  the  price  of 
analog  cameras,  so  organizations  think 
twice  about  throwing  out  their  old  cam¬ 
eras.  A  common  transition  step  involves 
converting  analog  to  digital  streams  to 
transmit  video  surveillance  traffic  over  cor¬ 
porate  LAN  and  WAN  links. 

That's  the  approach  the  state  of  Utah  is 
taking  in  two  of  its  agencies,  the  Utah 


Mobotix’s  high-resolution  IP-based  cameras 
contain  Linux-based  computers  with  software 
designed  to  store  video  footage  triggered  by 
motion  detection,  rather  than  streaming  it 
continuously  to  a  server  for  processing. 

Department  of  Alcoholic  Beverages  (UDA- 
BC)  and  the  Department  of  Transportation. 

The  Department  of  Transportation  owns 
700  miles  of  fiber-optic  cabling  that 
among  its  other  uses,  streams  traffic  from 
445  analog  cameras  from  several  manu¬ 
facturers  including  Pelco,  back  to  a  cen¬ 
tral  data  transportation  monitoring  center 
in  Salt  Lake  City 

Richard  Manser,  the  department’s  special¬ 
ist  for  intelligent  transportation  systems, 
says  the  agency  is  halfway  through  convert¬ 
ing  analog  video  streams  to  digital  through 
hardware  upgrades,  decoders  and  changes 
to  its  Transcore  management  application  to 
support  IP-based  monitoring. 

“IP  Ethernet  is  much  more  flexible,” 
Manser  says.  “Analog  requires  dedicated 
fiber  strands  for  each  group  of  eight  cam- 
eras.The  cameras  are  streaming  all  the  time 
and  tying  up  bandwidth,  typically  4.5M  to 


6Mbps  per  camera.  With  IP-based  digital 
video,  you  can  use  on-demand  and  multi¬ 
casting,  which  definitely  is  less  bandwidth. 
Maintaining  it  is  easier  because  we  have 
people  in  IT  experienced  in 
network  management,”  he  says. 

UDABC,  which  controls  Utah 
liquor  sales,  decided  on  a  simi¬ 
lar  analog-to-digital  transition 
step  for  its  38  state-run  retail 
liquor  stores  that  are  monitored 
for  theft  by  Toshiba  cameras. 

“We  can  convert  the  analog, 
Surveillix-brand  cameras  from 
Toshiba  with  their  video¬ 
capture  board  now,”  says  Kevin 
Perry,  UDABC’s  tech  support 
specialist  supervisor.  The  state 
agency  would  prefer  fully  IP- 
based  digital  cameras  because 
“digital’s  quality  is  better  and 
analog  cameras  are  not 
motion-sensitive,”  he  says.  But 
due  to  cost  considerations,  the 
decision  was  made  more  than 
a  year  ago  to  make  a  gradual  transition. 

If  a  store  manager  suspects  a  theft  has 
occurred,  a  review  of  video  surveillance 
footage  stored  locally  in  servers  may  result 
in  a  video  extraction  that  can  be  viewed 
remotely  by  authorized  state  employees  or 
law  enforcement. 

The  decision  to  share  video  footage  over 
the  state’s  WAN  prompted  bandwidth 
questions. 

“We  first  looked  at  streaming  100%  of  the 
data  from  the  cameras  across  the  network” 
to  the  UDABC’s  main  data  center  in  St.  Lake 
City  Perry  says.  But  with  15  frames-per-sec- 
ond  video  taking  up  about  2Mbps  of  band¬ 
width,  that  idea  was  viewed  as  too  band¬ 
width  intensive.  The  state  of  Utah  decided 
to  set  up  storage-area  networks  locally  in 
the  liquor  stores  to  warehouse  a  month  or 
two  of  captured  video. 

As  with  other  Windows  XP-based  com¬ 
puter  systems,  the  Surveillix  pan,  tilt  and 
zoom  system  has  to  undergo  maintenance. 
“We  do  patch  management  and  run  anti¬ 
virus  on  it,”  Perry  says. 

Managers  of  video  surveillance  systems 
need  to  be  sure  they  understand  the  applic¬ 
able  federal  and  state  privacy  laws,  Perry 
says.  Because  there  are  laws  specifically 
prohibiting  recording  conversations,  sur¬ 
veillance  systems  typically  are  visual  but 
not  audio  recorders. 


Network-equipment  giant  Cisco  is  bullish 
on  IP-based  video  surveillance,  getting  into 
the  business  earlier  this  year  through  its 
acquisition  of  SyPixx  Networks,  a  maker  of 
physical-monitoring  systems 
that  support  purely  digital,  IP- 
based  video  cameras  and  ana¬ 
log-to-digital  and  digital-to- 
analog  traffic. 

“Ninety-eight  percent  of  the 
installed  video  cameras  are 
analog  today”  says  Mark 
Farino,  general  manager  of 
converged  security  in  Cisco’s 
Emerging  Market  Technol¬ 
ogies  Group.  Farino  says 
Cisco’s  strategy  is  to  support 
the  transition  from  analog  to 
digital, while  introducing  inno¬ 
vations  of  its  own  in  the  com¬ 
ing  year. 

Corporations  use  SyPixx 
gear  to  stream  video  traffic 
captured  by  different  manu¬ 
facturers’  cameras  over  IP  net¬ 
works  into  the  Linux-based  SyPixx  storage 
system,  while  the  Stream  Manager  applica¬ 
tion  enables  viewing  live  video  and  play¬ 
ing  back  recorded  video  based  on  inter¬ 
connected  IP-based  and  analog  cameras. 

Another  firm.VidSys,  also  provides  a  way 
to  integrate  digital  and  analog  video  sur¬ 
veillance  cameras  through  its  software, 
VidShield.  ‘A  digital  camera  costs  almost 
double  the  price  of  an  analog  one, 
although  prices  are  dropping,  says  Tony 
Lapolito.VidShield’s  vice  president  of  mar¬ 
keting.  “So  we’re  open  to  using  anyone’s 
decoders,  encoders,  cameras,  storage  and 
digital  video  recorders.”A  VidSys  integration 
project  typically  costs  about  $70,000. 

A  question  of  Cisco 

Next  year,  Cisco  —  which  is  dropping  the 
SyPixx  equipment  name  —  expects  to 
introduce  upgrades  for  IP-based  video  sur¬ 
veillance.  Farino  says  Cisco  is  working  on 
ways  to  integrate  its  video  surveillance  sys¬ 
tem  with  physical  badge  systems,  so  a  cam¬ 
era  could  be  activated  to  zoom  in  on  some¬ 
one  wearing  a  specific  badge  and  be  able 
to  follow  that  individual. 

Cisco  also  is  working  with  IBM  on  its 
Smart  Surveillance  System  announced  in 
November,  software  that  IBM  says  will  pro¬ 
vide  advanced  monitoring  and  stored 
search  capabilities. 


“IP-based  surveillance  is  the  future,”  says 
Gartner  analyst  Jeff  Mining.  “It  used  to  be 
expensive,  but  it’s  now  mid-range.” 

Some  of  the  most  impressive  technolo¬ 
gies  are  to  be  found  in  the  IP-based  cam¬ 
eras,  including  Mobotix,  and  the  search- 
and-retrieval  systems  from  vendors  includ¬ 
ing  3VR  Security,  ObjectVideo  and 
VistaScape  Security  Systems, Mining  says. 

IP-based  digital  video  surveillance  offers 
enormous  flexibility  in  monitoring  and 
archive  searching,  but  organizations  should 
ensure  video  traffic  is  encrypted  for  secu¬ 
rity  purposes, Mining  says. 

In  the  most  advanced  systems,  the  soft¬ 
ware  found  in  the  camera  picks  up  motions 
and  can  identify  the  difference  between  a 
“simple  hug”of  a  person  and“if  I’m  trying  to 
strangle  you,”  Mining  says.  To  use  IP-based 
digital  video  successfully  it  pays  to  have  a 
good  infrastructure,  he  notes  —  or  to  use  a 
dedicated  network. 

Cisco  Director  of  Engineering  Mark 
Geiger  says  bandwidth  allowance  depends 
on  the  camera’s  frames  per  second  and  the 
compression  and  pixel  range.  For  example, 
a  camera  in  MPEG4  Compression  Image 
Format  running  at  30  frames  per  second 
would  require  about  3Mbps  of  bandwidth. 

At  Mobotix,  the  German-based  maker  of 
IP-based  digital  cameras,  CEO  Ralf  Hinkel 
says  the  Mobotix  cameras  are  designed 
specifically  to  lighten  the  network  load. 

Mobotix  lightens  up 

The  high-resolution  IP-based  Mobotix 
cameras  contain  Linux-based  computers 
with  software  designed  to  store  the  record¬ 
ed  video  footage  triggered  by  motion 
detection,  rather  than  stream  it  continu¬ 
ously  to  a  server  for  processing. 

The  end  result,  according  to  Hinkel,  “is 
that  the  camera  does  the  recording 
because  it’s  a  PC,  with  64  megabytes  for  six 
minutes.  It’s  motion  sensitive,  so  if  nothing 
happened,  there’s  no  network  load  from  the 
camera.”  When  transmitting  video,  the  digi¬ 
tal  camera  establishes  a  Secure  HTTP  tun¬ 
nel  to  a  designated  computer  storage  sys¬ 
tem  through  a  buffering  process. 

The  1.3  million  pixel  Mobotix  camera, 
supporting  30  frames  per  second,  also  is  a 
“standard  IP  telephone”  based  on  the 
Session  Initiation  Protocol,  Hinkel  says. The 
camera  can  be  set  up  to  call  an  individual’s 
PC  and  deliver  a  recorded  voice  message 
about  a  visual  event.lt  costs  about  S700.B 


Digital  video  quality  is 
better  and  analog  cam¬ 
eras  are  not  motion- 
sensitive,  but  due  to 
costs,  the  state  is  mak¬ 
ing  a  gradual  transition 
to  digital,  says  Kevin 
Perry  of  the  Utah 
Department  of  Alcoholic 
Beverages. 
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TECHNOUCY  UPDATE 

AN  INSIDE  LOOK  AT  TECHNOLOGIES  AND  STANDARDS 


DRM  vs.  ERM:  battle  to  control  data 


Enterprise  vs.  digital  rights  management 

Enterprise  rights  management  Digital  rights  management 

Content  type 

Dynamic.  ERM  operates  in  a  collaborative 
environment  by  handling  multiple  users 
with  different  access  and  usage  rights. 

Static.  DRM  is  focused  on  securing  one 
document  or  media  file  at  a  time,  with  the 
goal  of  mass  distribution  in  a  noncollaborative 
environment. 

Business  case 

Information  protection  for  the  entire  life 
cycle  of  information  from  creation  to 
archiving  with  complete  auditing  and 
reporting. 

Content  monetization  through  the  controlled 
access  to  digital  content.  Used  primarily  by 
the  originators/distributors  of  content  to  sell 
information  or  media. 

Infrastructure 

Actively  updates  users'  rights  as 
collaborative  environments  change.  Client 
machines  interact  with  policy  servers 
that  distribute  and  update  rights. 

Controls  access  rights  through  proprietary 
devices  and  file  types.  Rights  are  not  designed 
to  be  transferable  or  updated. 

User  experience 

Flexible  interface  is  imperative  for 
successful  implementation  and  user 
adoption. 

An  easy  (if  not  transparent)  user  experience 
is  required  to  gain  market  adoption.  Users 
are  not  expected  to  change  or  edit  the 
content. 

BY  ED  GAUDET 

Over  the  past  three  years  digital  rights 
management  and  enterprise  rights  man¬ 
agement  have  gained  attention  due  to 
copyright  issues  involving  digital  media 
and  leakage  of  sensitive  data.  Unfortu¬ 
nately  the  terms  are  often  used  inter¬ 
changeably  even  though  they  mean  differ¬ 
ent  things. 

DRM  and  ERM  share  common  technical 
concepts,  such  as  encryption  to  control 
access  to  data  and  application-  or  device¬ 
level  functionality  to  control  usage.  But 
DRM  focuses  on  securing  static  content 
tied  to  a  per-user  access  and  usage  li¬ 
cense,  while  ERM  focuses  on  controlling 
dynamic  content  tied  to  a  business 
process  that  users  may  come  in  and  out  of 
on  a  regular  basis.  ERM  enables  compa¬ 
nies  to  extend  security  to  third-party  part¬ 
ners,  suppliers  and  customers. 

Here  are  a  few  more  key  differences: 

•  Content  monetization  vs.  life-cycle  con¬ 
trol:  DRM  restricts  the  access  and  use  of 
digital  files;  its  business  problem  is  optimal 
monetization  of  digital  content  while  pro¬ 
tecting  the  interests  of  copyright  holders. 

Today  this  content  is  in  the  form  of  music 
and  video  files. The  goal  is  to  restrict  con¬ 
tent  access  to  its  owner,  which  is  an  indi¬ 
vidual  consumer.  By  contrast,  ERM  con¬ 
trols  access  to  and  usage  of  electronic 
data  in  various  formats  such  as  word 
processor  documents,  spreadsheets, 
e-mail,  PDF  files  and  CAD  diagrams.  ERM 
allows  for  persistent  control  of  content 
(regardless  of  where  or  when  access 
occurs)  and  enables  an  enterprise  to  con¬ 
trol  access  to  intellectual  property  or  other 


confidential  business  information  that 
needs  to  be  secured  for  privacy,  competi¬ 
tive  or  compliance  reasons. 

Unlike  DRM,  which  tends  to  deal  with  sta¬ 
tic  and  published  content  (one  song  to  one 
consumer),  ERM  focuses  on  controlling 
information  throughout  its  life  cycle,  and 
that  life  cycle  is  often  highly  collaborative. 

•  The  ecosystem  and  technical  imple¬ 
mentations  differ:  Both  approaches  in¬ 
clude  the  notion  of  a  policy  server  in 
which  rights  are  defined,  an  encryption 
mechanism  that  controls  access  to  the 
data,  and  a  software  client  or  device  that 
enforces  the  policy  (which  authenticated 
user  has  what  rights  based  on  content). 


DRM  tends  to  focus  on  the  media  format 
and  device,  with  the  two  most  common 
systems  offered  by  Apple  and  Microsoft. 
Apple’s  FairPlay  software  is  exclusively  tied 
to  the  encrypted  Advanced  Audio  Coding 
format,  iPod  media  player  and  the  iTunes 
online  store.  Microsoft  is  more  open  with 
Windows  Media  DRM  in  that  it  licenses 
components  of  the  DRM  platform  to  other 
vendors  for  use. 

With  ERM,  the  controls  are  tied  to  the 
native  applications,  which  have  the  ability 
to  produce  and  consume  protected  data 
in  several  formats.  For  example,  Microsoft 
Word  supports  a  number  of  file  formats 
(.doc,  .txt,  .xml,  .dot,  .rtf,  .wps,  .htm  and 


.html).  ERM  enablement  is  accomplished 
with  a  providers  software  developers  kit 
(SDK)  and  associated  APIs  and  delivered 
using  one  or  more  of  the  following 
approaches:  natively  by  the  application 
vendor,  through  a  plug-in  or  by  an  ERM 
integration  agent  that  leverages  the 
strength  of  the  SDK  approach  with  the  flex¬ 
ibility  and  time  to  market  of  a  plug-in. 

ERM  solutions  with  SDKs  include 
Microsoft’s  Rights  Management  Services 
and  Adobe’s  Policy  Server.  ERM  vendors 
by  acquisition  include  EMC  and  Oracle, 
which  use  plug-in  approaches  to  applica¬ 
tion  enablement  and  do  not  offer  an 
SDK. 

Each  approach  has  its  advantages  and 
disadvantages;  however,  only  the  integra¬ 
tion  agent  provides  cross-application 
control  such  as  secure  clipboard,  the  abil¬ 
ity  to  support  all  of  an  application’s  file 
formats  interchangeably,  and  enterprise- 
class  management  of  multiple  applica¬ 
tions,  which  simplifies  distribution,  up¬ 
grades  and  integration. 

As  a  steward  of  customer  and  corporate 
data,  understanding  the  difference 
between  the  often  controversial  digital 
rights  management  and  enterprise  rights 
management  is  critical  to  your  organiza¬ 
tion’s  agility  and  long-term  success  with 
controlling  electronic  information. 

Gaudet  is  vice  president  of  product  man¬ 
agement  and  marketing  for  Liquid  Ma¬ 
chines,  which  provides  an  ERM  system  that 
supports  out-of-the-box  integration  with 
Microsoft's  RMS.  He  can  be  reached  at 
egaudet@liquidmachines.  com. 


Ask  Dn  Internet  By  Steve  Blass 


What  steps  can  I  take  to  protect  my  systems 
from  zero-day  vulnerabilities  in  Microsoft 
Word? 

Microsoft  recommends  not  opening  suspicious 
Word  documents  from  untrusted  sources.  This  is 
always  good  advice  but  can  be  difficult  to  implement 
successfully  given  the  level  of  business  correspon¬ 
dence  delivered  as  Word  documents  and  the  ease 
with  which  e-mail  addresses  can  be  spoofed. 
Patches  do  not  appear  to  be  scheduled  for  release 


until  January  at  the  earliest. 

One  option  for  home  users  is  to  switch  to  the 
OpenOffice  suite  (free  from  OpenOffice.org). 
Business  users  may  want  to  accelerate  their  plans  to 
upgrade  to  Office  2007,  which  reportedly  is  not  vul¬ 
nerable.  IT  departments  may  want  to  make  sure 
they  are  deploying  desktops  under  a  least-privilege 
security  model  rather  than  giving  desktop  users 
local  administrative  rights.  This  can  slow  down  the 
code-dropping  payloads  in  infected  documents,  as 
they  may  not  be  able  to  infect  the  registry  without 


administrative  access.  The  best  defense  is  a  tightly 
restricted  outbound  firewall  on  the  desktop  systems 
configured  to  block  everything  that  is  not  expressly 
permitted. 

Being  prompted  for  every  new  outbound  connec¬ 
tion  is  annoying  but  can  be  effective  in  identifying 
when  your  computer  suddenly  wants  to  talk  to  a  new 
server  on  a  new  port  number. 

Blass  is  an  IT  manager  in  Phoenix.  He  can  be 
reached  at  dr.internet@jschnee.com. 
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The  perils  of  precaching 


Sometimes  life  gets  too  interesting. 
That’s  when  you  blow  a  day  tracking 
down  some  weird,  esoteric  issue, 
which  was  exactly  what  happened  to 
us  a  couple  of  weeks  ago  after  a 
story  (see  www.nwdocfinder.com/ 
6533)  was  posted  in  Gibbsblog. 

The  post  concerned  the  surprising 
appearance  of  a  warning  by  Firefox 
that  a  certificate  had  been  presented 
by  a  Web  site  and  the  certificates 
Mark  Gibbs  issuer  (otherwise  called  the  certifi¬ 
cate  authority)  was  unknown. This 
meant  the  certificate  couldn’t  be  verified, which  meant  that 
the  site  couldn’t  be  trusted,  hence  the  warning. 

This  was  odd  because  the  certificate  in  question  was  for 
the  Navy’s  Warfighter  Response  Center  (www.nwdocfinder. 
com/6534)  and  the  issuer  was  the  U.S.  Department  of 
Defense. The  problem  was  that  the  page  actually  requested 
was  a  Google  search  result  rather  than  the  Navy  site.  As  the 
search  term  entered  into  Google  had  been  “binary  explo¬ 
sives”  it  seemed  plausible  that  some  kind  of  monitoring  was 
going  on. 

<aside>The  reason  we  were  looking  for  “binary  explo¬ 
sives”  was  to  find  a  story  written  just  after  the  recent  securi¬ 
ty  brouhaha  over  passengers  carrying  liquids  onto  aircraft. 
The  story  in  question  was  from  The  Register  (www.nw 
docfinder.com/6535)  and  is  a  “must  read.”</aside> 

Unfortunately  as  interesting  as  being  monitored  might 


have  been,  the  idea  of  some  kind  of  conspiracy  between 
Google  and  the  Defense  Department  to  watch  what  people 
search  for  was  unlikely  for  two  reasons. 

First,  would  the  spies  show  their  hand  by  allowing  an 
authentication  certificate  to  load?  Hardly  Second,  could 
such  a  conspiracy  remain  hidden?  Of  course  not. 

Anyway,  another  question  remained:  How  was  it  that  a 
Web  page  for  the  Navy  was  being  loaded  when  a  page  of 

Precaching  . . .  speeds  up  the 
loading  of  Web  sites. 

Google  results  was  being  returned?  The  answer? 
Precaching. 

Precaching  (also  called  prefetching)  is  a  technique  used 
by  the  Firefox  browser  to  speed  up  the  loading  of  Web  sites. 
If  the  feature  is  enabled,  when  a  Web  page  is  loaded  the 
URLs  in  the  page  are  collected. The  browser  then  launches 
multiple  threads  and  the  contents  of  each  of  those  URLs 
are  loaded  into  a  cache  before  you  might  ask  for  them. 

What  was  happening  in  this  case  was  one  of  the  entries 
returned  by  the  search  was  https://wrc.navair-rdte.navy 
,mil/warfighter_enc/weapons/ordnance/types.htm,  and 
because  it  is  an  Secure-HTTP  connection  the  site  presented 
its  certificate  when  the  precaching  subsystem  tried  to  ac¬ 
cess  the  page.  As  the  Defense  Department  isn’t  included  in 
Firefox’s  list  of  certificate  authorities  by  default,  and  be¬ 
cause  we  were  configured  to  see  the  warnings,  that’s  what 


happened.  Except  the  precaching  wasn’t  done  as  we 
thought  by  Firefox. 

To  test  whether  this  was  the  cause  we  switched  off  Fire- 
fox’s  precaching.  Then  we  purged  the  cache  and  cookies 
and  tried  the  search  again. The  warning  happened  again! 

We’re  sure  that  some  of  you  have, at  this  point, had  an“ah- 
ha!”  moment  and  know  the  answer. We  didn’t. We  tried  to  fig¬ 
ure  out  what  was  going  on  and  did  things  like  run  Capsa 
(the  subject  of  Gearhead  two  weeks  ago)  and  trapped  and 
analyzed  all  of  the  HTTP  and  Secure-HTTP  traffic. 

This  didn’t  solve  our  problem,  and  we  found  unexpected 
Web  sites  being  accessed  by  unknown  processes  (what  fun 
—  more  to  investigate). 

Then  we  had  our  “ah-ha!”  moment:  The  precaching  was 
something  that  a  Firefox  plug-in  was  doing!  The  culprit  was 
Fasterfox  (www.nwdocfinder.com/6537)  an  add-on  that 
blocks  pop-ups,  times  how  long  it  takes  to  load  pages, 
tweaks  a  whole  range  of  network  and  browser  rendering 
settings,  as  well  as  precaching. 

We  switched  Fasterfox  off  and  no  more  certificate 
warnings. 

Precaching  might  sound  like  a  good  idea  but  it  has  a 
number  of  downsides,  such  as  increasing  bandwidth  use, 
increasing  server  loads, and  it  can  preload  content  that  you 
might  not  want  to  have  loaded, which  sounds  like  a  lawsuit 
waiting  to  happen. 

What's  your  time  sink?  Tell  gearhead@gibhs.com  or  on 
Gibbsblog. 


Wrapping  up  the  year  with  some  odds  and  ends  as  I  get  ready  for 
the  onslaught  of  new  cool  tools  in  January  2007: 

The  scoop:  Store  ‘n’  Go  Corporate  Secure  USB  Drive,  by  Verbatim, 
about  $80  (1GB  version  tested). 

What  it  is:  This  USB  flash  drive  is  designed  to  protect  data  by  using  mandatory 
security  features,  including  hardware-based  Advanced  Encryption  Standard  data 
encryption  and  antitamper  password  protection.  Unlike  USB  devices  that  have 
optional  security  features,  these  are  required  with  this  Verbatim  drive.The  company 
says  the  device  features  an  SHA-1  hashing  algorithm  that  ensures  the  password  in 
raw  form  is  not  stored  on  the  drive’s  memory, preventing  it  from  being  lifted  from  the 
device  or  the  memory  To  protect  against  dictionary  or  brute  force  attacks,  the  drive 
will  enter  lockdown  mode  and  secure  erase  all  the  data  after  10  consecutive  failed 
logon  attempts. 

Capacities  range  from  1G  to  4GB  (about  $270),  and  the  device  is  compatible 
with  mSystems’  mTrust  enterprise  security  software  (which  can  help  organizations 
centrally  manage  the  devices). 

Why  it’s  cool:  Companies  that  have  been  afraid  to  support  the  use  of  USB  flash  dri¬ 
ves  for  mobile  workers  can  feel  more  secure  that  the  data  won’t  be  compromised.  In 
all  likelihood  the  mobile  workers  are  already  using  USB  drives,  so  why  not  be  sure 

that  the  data  is  more  secure  by  trying 
these  mandatory  security  fea¬ 
tures?  Setting  up  the  drive  was 
very  easy,  and  a  complex  pass¬ 
word  requirement  means  your 
users  can’t  pick  easy  passwords 
This  USB  flash  drive  makes  the  data  for  mobile  (like  their  dog’s  name), 
users  more  secure.  Grade:  ★★★★★ 


The  Quik  Pod  will  take  some 
practice  to  take  pictures  of 
yourself  by  yourself. 


The  scoop:  Quik  Pod,  by  Fromm  Works,  about  $25. 

What  it  is:  The  Quik  Pod  is  an  extendable,  handheld  tripod  that 
attaches  to  a  digital  camera  (or  regular  camera  if  you  still  own 
one  of  those),  basically  extending  your  arm  reach  by  up  to  18 
inches.The  device  then  closes  to  about  7.5  inches  and 
comes  with  a 

carry¬ 
ing  case  and 
strap  (for  an  extra  $5 
you  can  get  adapter  legs  that 
create  a  mini-tripod). 

Why  it’s  cool:  When  you’re  traveling  and  you 
want  a  picture  of  yourself  in  front  of  a  famous  land¬ 
mark,  you  often  have  to  ask  strangers  to  take  your  picture  or" 
do  the  “hold  the  camera  out  as  far  as  possible”  maneuver.  With  the 
Quik  Pod, you  don’t  have  to  ask  for  a  stranger’s  help,  and  you  get  a  bet¬ 
ter  image  than  the  arm-length  move.  By  using  the  automatic  timer  func¬ 
tion  on  the  digital  camera, you  can  set  up  the  shot, push  the  button  and  then  extend 
the  Quik  Pod  and  take  a  shot.  In  addition  to  horizontal  shots,  you  can  adjust  the 
device  vertically  —  useful  for  taking  photos  at  parades  or  other  events  where  some¬ 
one  taller  is  standing  in  front  of  you.  If  your  videocamera  supports  a  tripod  con¬ 
nection,  you  can  attach  it  to  the  device  as  well. 

Some  caveats:  Because  the  point  of  the  device  is  to  take  photos  without  some¬ 
one  else’s  help,  determining  whether  the  shot  you  took  was  a  good  one  or  not  is  a 
crap  shoot.  It  could  take  some  practice  before  you  figure  out  the  proper  angle  to 
hold  your  arm,  the  proper  length  to  extend  and  whether  the  landmark  is  in  the 
shot  or  not. 

Grade:  ★★★VH 

Shaw  can  be  reached  at  kshaw@nww.com.  New  Cool  Tools  video  every 
Thursday,  and  Twisted  Pair  podcast  every  Friday  at  www.networkworld.com. 


If  you  buy  a  storage  system  now,  why  not  choose  one  that  can  also 
address  your  data  needs  later?  Take  the  IBM  System  Storage™  DS4200 
Express.  It  scales  from  1TB  to  56TB  and  anywhere  in  between1  - 
more  than  some  of  its  biggest  competitors.2  It’s  also  more  compatible 
with  more  operating  systems,  giving  you  a  simple  and  cost-effective 
way  to  grow.3  Because  with  IBM,  innovation  comes  standard. 


SCALES  FRO  RED  TODAY 

TO  WE-CAN-HANDLE-IT  TOMORROW. 


IBM  System  Storage  DS4200  Express 


An  easy-to-use  disk  system  for  managing  your  growing  data  needs, 
with  a  comprehensive  hardware/software  3-year  limited  warranty4 


Industry-standard  19"  rack _ 

Scales  from  1TB  to  56TB,  helping  to  protect  your  investment  as  you  grow _ 

Heterogeneous  OS  support  -  no  other  midrange  disk  storage  product  is  more  compatible 

Supports  unique  4  Gbps  interface;5  500GB  SATA  II  hard  disk  drives1 _ 

Fibre  Channel  Switched  (FC-SW)  and  Fibre  Channel  Arbitrated  Loop  (FC-AL)  standard 
Complimentary  installation  and  configuration  courseware  CD 

From  $11,474*  or  $297/month6 


'Price,  does  not  include  hard  drives.  A  minimum  of  two  hard  drives  is  required.  All  prices  are  IBM's  estimated  retail  selling  prices  as  of  October  4.  2006  Prices 
may  vary  according  to  configuration  Resellers  set  their  own  prices,  so  reseller  prices  to  end  users  may  vary.  Products  are  subject  to  availability.  Tins  document  was 
developed  for  offerings  in  the  United  States  IBM  may  not  otter  the  products,  features  or  services  discussed  in  this  document  in  other  countries.  Prices  subject  to 
change  without  notice.  Contact  your  IBM  representative  or  IBM  Business  Partner  lor  ttre  most  current  pricing  in  your  geography.  1  Denotes  raw  storage  capacity:  usable 
storage  capacity  rnay  be  less  than  slated.  Capacity  slated  in  uncompressed  mode  followed  by  capacity  using  data  compression  technology.  2  Compared  to  EMC 
CLARiiON  CX300  and  HP  SlorageWorks  MSA  1000  3  Compared  to  HP  StorageWorks  MSA  1000.  HP  StorageWorks  MSA  1500  and  EMC/Dell  AX150.  4.  IBM 
hardware  products  are  manulactured  from  new  parts,  or  new  and  serviceable  used  parts  Regardless,  our  warranty  terms  apply.  Telephone  support  may  be  subject  to 
additional  charges.  For  on-site  labor.  IBM  will  attempt  to  diagnose  aid  resolve  the  problem  remotely  before  sending  a  technician.  On-site  warranty  is  available  only 
tor  selected  components  5  As  compared  to  other  major  storage  vendors  6.  IBM  Global  Financing  offerings  are  provided  through  IBM  Credit  LI.C  in  Die  United  States 
and  other  IBM  subsidiaries  and  divisions  worldwide  to  qualified  commercial  and  government  customers.  Monthly  payments  provided  are  lor  planning  purposes  only 
and  may  vary  based  on  your  credit  and  other  factors.  Lease  otter  provided  is  based  on  an  FMV  lease  ot  36  monthly  payments.  Ota  restrictions  may  apply  Rates  and 
offerings  are  subject  to  change,  extension  or  withdrawal  without  notice.  IBM.  the  IBM  logo  and  System  Storage  are  trademarks  or  registered  trademarks  of  Internationa! 
Business  Machines  Corporation  in  the  United  Slates  and/or  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  ot  others. 
©  2006  IBM  Corporation.  Ail  rights  reserved. 


WHY  WAIT? 

PAY  $0  FOR  THE  NEXT  3  MONTHS. 

Get  the  DS4200  Express  now 
and  defer  payment  for  the 
!  next  3  months. 


ibm.com/ 

systems/innovate70 


1  866-872-3902 

mention  104CE47A 
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A  Division  of  Cisco  Systems,  Inc 


Internet.  Voice. 
Entertainment  - 
All  at  Once.  Anywhere. 

The  holidays  are  a  time  for  connecting  with  friends  and 
family.  A  Wirefess-N  network  from  Linksys  lets  you  gift 
shop  online,  view  treasured  photos  and  videos,  enjoy 
festive  music  and  make  Internet  phone  calls  -  all  at  the 

same  time! 

Wireless-N  handles  voice,  Internet  and  entertainment 
up  to  12x  faster  and  with  up  to  4x  the  range  of  standard 
Wireless-G,  yet  works  seamlessly  with  Wireless-G  and 
-B  devices.  It  virtually  eliminates  dead  spots,  making  it 
great  for  larger  homes  and  home  offices. 

Linksys  Wireless-N  makes  it  easy  to  connect  for  the 
holidays. 


Linksys  is  a  registered  trademark  or  trademark  of  Cisco  Systems,  Inc.  and/or  its  affiliates  in  the  U.S.  and  certain 
other  countries.  Copyright  ©  2006  Cisco  Systems,  Inc.  All  rights  reserved. 


WRT300N  Wireless-N  Broadband  Router 

For  more  information  on  the  new  Linksys  Wireless-N  products, 
visit  www.Linksys.com,  or  call  1  -800-737-7201 . 
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REGULATORY  COMPLIANCE 
Ben  Rothke 


ON  SECURITY 
Winn  Schwartau 


Good  security  can  aid  compliance 


As  regulatory  deadlines  approach,  companies 
often  scramble  to  put  plans  into  place,  divert¬ 
ing  employees  from  their  regular  tasks  to 
work  on  documentation  and  other  deliverables.  If 
your  company  is  scrambling  to  deal  with  regula¬ 
tory  compliance,  then  there  is  a  much  greater 
underlying  problem  that  can’t  be  blamed  on  a 
lack  of  budget  or  staff  within  the  information 
security  group. 

If  you  combine  the  myriad  security  and  privacy 
regulations,  there  is  roughly  an  80%  commonality 
between  all  of  them. The  Sarbanes-Oxley  Act,  the 
Gramm-Leach-Bliley  Act,  Securities  and  Exchange 
Commission  Rule  17a, Senate  Bill  1386  and  count¬ 
less  other  new  regulations  coming  down  the  pike 
all  deal  with  fundamental  issues  of  computer 
security  and  privacy 

The  most  pragmatic  way  to  handle  regulations 
is  to  create  an  effective  information  security  foun¬ 
dation  and  infrastructure. This  enables  an  organi¬ 
zation  to  easily  deal  with  any  new  regulation  that 
comes  into  law. 

Companies  are  missing  the  point  when  they 
deal  with  each  regulation  as  a  discrete  effort  that 
needs  to  be  complied  with.  This  myopic  view  of 
regulatory  compliance  creates  a  situation  in 


which  organizations  are  constantly  reinventing 
the  wheel  and  wasting  time  and  effort.  Given  the 
80/20  rule,  which  posits  that  80%  of  regulatory 
requirements  fall  within  a  small  set  of  parameters, 
having  a  security  foundation  means  that,  at  worst, 
you’ll  only  have  to  initiate  “fire  drills”  to  deal  with 
the  other  20%  of  requirements. 

Organizations  often  don’t  realize  that  security 
and  compliance  are  not  absolute  states.  Com- 

If  you  combine  the  myriad 
security  and  privacy  regu¬ 
lations,  there  is  roughly  an 
80%  commonality .... 

puter  security  is  essentially  a  compromise  be¬ 
tween  risk  and  usability  By  performing  risk  assess¬ 
ments  and  understanding  what  its  risks  are,  a 
company  can  discover  how  to  secure  its  systems 
effectively  Similarly,  compliance  is  a  negotiation 
between  a  company  and  its  auditors  and  regula¬ 
tory  bodies.  Organizations  that  have  this  security 
foundation  can  create  a  defensible  position  with 
respect  to  whatever  regulation  the  auditors  are 


dealing  with  that  week. 

So  what  is  to  be  done?  Above  all,  organizations 
need  to  create  security  around  a  formal  frame¬ 
work,  such  as  the  (ISC)2  Common  Body  of 
Knowledge,  ISO/IEC  17799  or  the  Information 
Security  Forum  Standard  of  Good  Practice.  This 
shows  a  company  is  serious  about  security 

Companies  that  have  developed  effective  infor¬ 
mation  security  programs  have  accomplished 
their  goals  by  focusing  on  security  from  a  frame¬ 
work  of  risk  mitigation  and  dealing  with  those 
risks  using  these  frameworks.  The  advantages  to 
such  an  approach  are  powerful,  as  the  recurring 
costs  to  comply  with  current  and  proposed  regu¬ 
lations  are  a  fraction  of  what  they  would  be  if 
such  a  framework  were  not  used. 

Regulations  are  like  a  baseball  pitcher  with  a 
variety  of  different  pitches.  A  good  catcher  can 
catch  whatever  pitch  is  thrown  at  him.  A  good 
foundation  ensures  that  all  work  will  be  in  the 
strike  zone  and  obviates  all  wild  pitches. 

Rothke  is  a  senior  security  consultant  with  INS 
and  the  author  of  Computer  Security:  20  Things 
Every  Employee  Should  Know  (McGraw-Hill 
2006).  He  can  be  reached  at  ben.rothke@ins.com. 


The  U.S.  Department  of  FUDP 


The  U.S.  government  recently  warned  fi¬ 
nancial  firms  and  services  of  an  al-Qaida 
call  for  a  cyberattack  against  online  stock 
trading  and  banking  Web  sites.The  Islamic  mili¬ 
tant  group  wants  to  “penetrate  and  destroy  the 
databases  of  the  U.S.  financial  sites,”  Reuters 
reported. 

Should  you  care?  Not  if  you  have  been  doing 
your  job. 

The  United  States  has  been  handling  informa¬ 
tion  warfare  attacks  for  more  than  a  decade,  with 
varying  degrees  of  success.  Our  biggest  national 
failure  has  been  defending  against  Class  I  infor¬ 
mation  warfare,  which  targets  personal  informa¬ 
tion  and  is  the  backbone  of  identity  theft,  phishing 
and  similar  profit-oriented  criminal  endeavors. 

Business  has  done  better  against  Class  II  infor¬ 
mation  warfare:  company-to-company  informa¬ 
tion  conflicts  and  industrial  espionage.  In  many 
ways  it  can  be  argued  that  American  industry 
essentially  has  chosen  to  permit  the  continued 
theft  of  intellectual  property,  rather  than  institute 
appropriate  (and  perhaps  politically  incorrect) 
security  policies  and  procedures. 

The  alleged  al-Qaida  threat  is  Class  III  infor¬ 
mation  warfare.  Nation-states,  terrorists  or  other 
political  and/or  religious  nongovernment  orga¬ 
nizations  target  their  adversaries  for  nonprofit 
motivations,  such  as  denial  of  service  and  sys¬ 
temic  disruption,  including  psychological  opera¬ 
tions  (PsyOps).  Targeting  the  private  critical  in¬ 
frastructures  of  perceived  adversaries  is  called 
unrestricted  warfare,  as  declared  by  the  Chinese 


against  the  U.S.  private  sector  in  1998. 

Could  the  United  States  be  promoting  or  exag¬ 
gerating  the  al-Qaida  cyberterrorism  threat  as  a 
means  to  garner  support  for  current  U.S.  poli¬ 
cies?  FUD  —  fear,  uncertainty  and  doubt  —  is  a 
powerful  weapon  that  cannot  be  dismissed  out 
of  hand.  Or  is  this  al-Qaida  using  PsyOps,  their 
own  form  of  FUD?  This  form  of  FUD-based 
PsyOps,  be  it  a  videotaped  beheading  or  the 
threat  of  economic  meltdown,  is  a  proven  Class 

It  does  not  take  any  stretch 
to  envision  . . .  technical 
types  infiltrating  our  nation¬ 
al  critical  infrastructure. 

Ill  weapon.  A  few  years  ago  the  Irish  Republican 
Army  effectively  shut  down  London  with  a  few 
well-placed  threats.  No  bombs,  no  boom,  but 
London  was  brought  to  a  halt. 

Let’s  say  that  al-Qaida  has  hired  the  best  hack¬ 
ers  and  intrusion  experts  from  the  United  States, 
China,  Israel,  Russia.  Mass  hiring  on  this  scale  is 
highly  unlikely  but  in  examining  risk,  I  like  to 
turn  up  the  dial  full  tilt  to  get  a  view  of  possibili¬ 
ties.  Al-Qaida  certainly  has  more  than  one  guy 
on  an  oasis,  but  they  do  not  have  the  power  of 
DefCon.  (www.DefCon.org). They  do  not  have  a 
magic  switch  to  say,  “Goodbye,  New  York  Stock 
Exchange”  or  “Good  riddance,  Schwab!” 

So  what’s  the  worry  about  al-Qaida  and  similar 
extremists?  Two  things.  Al-Qaida  conceivably 


could  launch  a  zero-day  denial-of-service  attack 
against  online  banking. 

The  second  worry  reflects  the  insidious  nature 
of  those  who  threaten  us.  Islamic  extremists  open¬ 
ly  avow  they  have  been  quietly  insinuating  them¬ 
selves  at  all  levels  of  our  society  It  does  not  take 
any  stretch  to  envision  a  long-term  machination 
of  skilled  and  trusted  technical  types  infiltrating 
our  national  critical  infrastructures. 

The  greatest  threats  to  our  financial  and  other 
critical  systems  are  from  insiders.  A  coordinated 
cell  of  operatives  (al-Qaida  or  other)  employed 
within  interdependent  power,  telco  and  financial 
centers  is  a  more  effective  way  of  creating  mass 
disruption  than  attempting  to  master  the  Inter¬ 
net  as  a  weapon  of  mass  destruction/disruption. 

Whether  the  al-Qaida  threat  is  construed  as 
physical  or  cyber  is  irrelevant,  as  the  defensive 
means  is  the  same:  regular  in-depth  profiles  of  the 
psychology  and  proclivities  of  trusted  employees 
to  whom  we  give  the  greatest  access  or  control. 
Instead  of  repeatedly  looking  outward  for  threats 
to  our  infrastructures,  we  should  be  looking  with¬ 
in  far  more  than  the  current  face  of  political  cor¬ 
rectness  permits.“Trust  but  verify  again  and  again" 
applies  not  only  to  technology  but  also  to  people. 

Schwartau  is  a  security  writer,  lecturer  and  pres¬ 
ident  of  Interpact ,  a  security  awareness  consult¬ 
ing  firm.  He  can  be  reached  at  winn@thesecu- 
rityawarenesscompany.com.  For  a  free  copy  of 
his  book,  Information  Warfare,  go  to  www.thesec 
urityawarenesscompany.  com/ chez/chez.php. 
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Mobilizing  the 
desk  phone 

One  of  the  interesting  things  to  watch  next  year  will  be 
how  the  cellular  and  Wi-Fi  worlds  collide,  and  a  start¬ 
up  called  Divitas  hopes  to  be  one  of  the  players  in  the 
middle  of  the  action. 

Founder  and  CEO  Vivek  Khuller  says  enterprises  have  done 
a  good  job  mobilizing  office  workers  by  doling  out  laptops 
but  have  ignored  one  core  business  asset:  the  enterprise 
phone.  Despite  the  ubiquity  of  cell  phones,  he  contends  that 
90%  of  the  time  the  desk  phone  is  still  the  primary  contact 
point  for  enterprise  workers. 

His  goal  is  to  make  the  desktop  number  portable  by  ex¬ 
tending  all  the  phone’s  features  to  the  user’s  cell  phone,  mak¬ 
ing  it  possible,  for  example,  to  forward  incoming  calls  to  cell 
phones  and  dial  extensions  from  those  cell  phones.  Wi-Fi  can 
play  a  role  by  helping  him  do  that  without  driving  cellular 
costs  through  the  roof. 

The  Divitas  product  —  which  Khuller  calls  a  mobile  con¬ 
vergence  appliance  —  is  a  Linux-based  device  that  can  be 
used  with  programmable  cell  phones  (so-called  smart 
phones)  that  are  cell-only  or  dual-mode  cell/Wi-Fi  phones. 
The  latter  gives  the  widest  range  of  options,  so  we’ll  focus 
on  that. 

When  a  user  is  in  the  office,  the  appliance  routes  incoming 
calls  to  both  the  user’s  desk  phone  and  cell  phone.  Because 
the  appliance  is  in  constant  contact  with  the  cell  phone,  it 
can  determine  if  the  mobile  device  can  be  reached  via  Wi¬ 
Fi,  meaning  no  additional  costs  are  incurred. 

If  the  user  is  on  the  road,  the  appliance  determines  if  the 
cell  phone  is  available  via  a  Wi-Fi  hot  spot  or  if  the  call  has  to 
be  routed  via  a  standard  cell  link.The  reverse  is  true  for  out¬ 
going  calls  from  the  mobile  device. 

Incoming  calls  that  go  unanswered  are  routed  by  the  appli¬ 
ance  to  the  enterprise  voice  mail  system  because  that’s  the 
number  Divitas  is  trying  to  mobilize,  Khuller  says. 

But  what  about  when  your  call  is  riding  the  Wi-Fi  waves  in 
Starbucks  and  the  guy  next  to  you  starts  to  download  a  mas¬ 
sive  file?  Khuller  says  the  appliance  constantly  evaluates  the 
quality  of  the  link  and,  in  the  event  of  degradation,  seamless¬ 
ly  hands  off  the  call  to  cellular.  Khuller  says  it  is  noticeable 
by  minimally  invasive. 

Regarding  ROI,  Khuller  says  many  users  make  half  their  cell 
calls  from  their  offices.  So  for  a  customer  with  3,000  cell  min¬ 
utes  per  month,  if  half  can  be  completed  at  1.5  cents  per 
minute  using  Divitas  vs.  the  average  of  7.5  cents  per  minute 
for  cell  calls,  the  ROI  is  three  to  four  months,  including  the 
$300  for  the  smart  phone. 

The  Divitas  product  is  scheduled  to  be  commercially  avail¬ 
able  in  the  first  quarter.  Interesting  stuff. 


Broadband  router  realities 

1  enjoyed  Kevin  Tolly’s  column  on  broadband  router 
throughput  (www.nwdocfinder.com/6398)  and 
found  it  quite  true  to  my  own  experiences.  Re¬ 
liability  might  make  a  good  topic  for  a  future  col¬ 
umn.  I  have  used  Linksys  for  my  home  office  for 
many  years  and  have  scrupulously  kept  my  firmware 
up  to  date.  Unfortunately  either  the  hardware  or  the 
firmware  has  a  problem  Linksys  does  not  acknowl¬ 
edge  and  will  not  do  anything  about.  Fairly  fre¬ 
quently  (once  or  twice  a  day  sometimes),  1  need  to 
power-cycle  the  router  to  get  an  Internet  connection 
through  my  cable  modem. 

For  whatever  reason,  the  router  just  hangs  up. 
Linksys  support  has  sent  me  revised  setup  instruc¬ 
tions  for  Comcast  cable  installations  and  I  have 
gone  through  the  pain  of  resetting  all  the  parame¬ 
ters  and  port  configurations,  but  it  didn’t  help.  I 
even  keep  the  router  away  from  equipment  gener¬ 
ating  heat  just  in  case. 

At  home  this  is  an  inconvenience,  but  when  I  try 
to  access  my  home  systems  remotely  via 
GoToMyPC  or  Slingbox,  it’s  just  impossible.  I’m 
now  looking  into  routers  that  can  handle  multi¬ 
ple  WAN  connections.  Hopefully  their  reliability 
record  is  better. 

Steve  Markman 
CEO  and  technology  consultant 
Venture  High  Consulting  LLC 
Los  Gatos,  Calif. 

Thanks  to  Kevin  Tolly  for  shining  some  light  on 
the  issue  of  broadband  router  performance.  I  had 
the  interesting  experience  last  year  of  removing  my 
router  and  operating  directly  attached  to  my  cable 
modem.  The  performance  was  spectacular  — 
about  10  times  faster  without  the  router  box  slow¬ 
ing  things  down. 


Tolly  didn’t  address  the  latency  issue;  I  hate  to 
think  how  much  the  router  delays  the  packets.  I 
also  suspect  (but  can’t  prove)  that  my  router,  an 
inexpensive  Linksys  box,  has  a  memory  leak  and 
slowly  degrades  over  a  three-to-four-day  period.  I’m 
now  in  the  habit  of  power-cycling  the  router  every 
few  days.  I’d  be  interested  to  read  Tolly’s  opinion,  or 
even  a  Network  World  test,  of  the  better  broadband 
routers  and  how  much  you  have  to  pay  to  get 
decent  performance. 

Peter  Thornton 

Annapolis,  Md. 

Regarding  broadband  routers,  here’s  another  per¬ 
spective.  I’ve  had  DSL  at  home  since  1999  and  had 
an  ancient  Alcatel  1000  DSL  modem  terminating  my 
DSL  line.  Although  the  line  was  rated  1.5Mbps,  I 
never  saw  throughput  better  than  700Kbps  on  it. 
After  communicating  with  a  tech  on  the  DSL 
forums,  I  installed  a  newer  DSL  modem  on  the  line, 
configured  it  and  am  now  getting  a  consistent 
1.25Mbps  connection. That’s  a  500Kbps  increase  for 
$20  spent  on  a  second-hand  unit  from  eBay 

It’s  not  just  the  router  but  all  the  components  in 
the  system  that  come  together  to  limit  or  maximize 
throughput.  I  swapped  out  my  old  SonicWall  fire¬ 
wall  when  I  replaced  my  modem.While  it  was  rated 
to  handle  more  than  that  rate  of  traffic,  it  was  time 
to  step  up  to  something  a  little  more  robust  and 
flexible.  I  put  in  a  Cisco  PIX  501  to  get  more  head- 
room  and  a  decent  VPN.  Again,  not  expensive,  but 
not  a  Sunday  ad  special,  either. 

Matthew  Leeds 
Vice  president  of  operations 
Gracenote 
Emeryville,  Calif. 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief.  Network  World,  1 18  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 
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REGULATORY  COMPLIANCE 
Ben  Rothke 


Good  security  can  aid  compliance 


As  regulatory  deadlines  approach,  companies 
often  scramble  to  put  plans  into  place,  divert¬ 
ing  employees  from  their  regular  tasks  to 
work  on  documentation  and  other  deliverables.  If 
your  company  is  scrambling  to  deal  with  regula¬ 
tory  compliance,  then  there  is  a  much  greater 
underlying  problem  that  can’t  be  blamed  on  a 
lack  of  budget  or  staff  within  the  information 
security  group. 

If  you  combine  the  myriad  security  and  privacy 
regulations,  there  is  roughly  an  80%  commonality 
between  all  of  them. The  Sarbanes-Oxley  Act,  the 
Gramm-Leach-Bliley  Act, Securities  and  Exchange 
Commission  Rule  17a, Senate  Bill  1386  and  count¬ 
less  other  new  regulations  coming  down  the  pike 
all  deal  with  fundamental  issues  of  computer 
security  and  privacy 

The  most  pragmatic  way  to  handle  regulations 
is  to  create  an  effective  information  security  foun¬ 
dation  and  infrastructure.  This  enables  an  organi¬ 
zation  to  easily  deal  with  any  new  regulation  that 
comes  into  law. 

Companies  are  missing  the  point  when  they 
deal  with  each  regulation  as  a  discrete  effort  that 
needs  to  be  complied  with.  This  myopic  view  of 
regulatory  compliance  creates  a  situation  in 


which  organizations  are  constantly  reinventing 
the  wheel  and  wasting  time  and  effort.  Given  the 
80/20  rule,  which  posits  that  80%  of  regulatory 
requirements  fall  within  a  small  set  of  parameters, 
having  a  security  foundation  means  that,  at  worst, 
you’ll  only  have  to  initiate  “fire  drills”  to  deal  with 
the  other  20%  of  requirements. 

Organizations  often  don’t  realize  that  security 
and  compliance  are  not  absolute  states.  Com- 

If  you  combine  the  myriad 
security  and  privacy  regu¬ 
lations,  there  is  roughly  an 
80%  commonality .... 

puter  security  is  essentially  a  compromise  be¬ 
tween  risk  and  usability  By  performing  risk  assess¬ 
ments  and  understanding  what  its  risks  are,  a 
company  can  discover  how  to  secure  its  systems 
effectively  Similarly  compliance  is  a  negotiation 
between  a  company  and  its  auditors  and  regula¬ 
tory  bodies.  Organizations  that  have  this  security 
foundation  can  create  a  defensible  position  with 
respect  to  whatever  regulation  the  auditors  are 


dealing  with  that  week. 

So  what  is  to  be  done?  Above  all,  organizations 
need  to  create  security  around  a  formal  frame¬ 
work,  such  as  the  (ISC)2  Common  Body  of 
Knowledge,  ISO/IEC  17799  or  the  Information 
Security  Forum  Standard  of  Good  Practice.  This 
shows  a  company  is  serious  about  security 

Companies  that  have  developed  effective  infor¬ 
mation  security  programs  have  accomplished 
their  goals  by  focusing  on  security  from  a  frame¬ 
work  of  risk  mitigation  and  dealing  with  those 
risks  using  these  frameworks.  The  advantages  to 
such  an  approach  are  powerful,  as  the  recurring 
costs  to  comply  with  current  and  proposed  regu¬ 
lations  are  a  fraction  of  what  they  would  be  if 
such  a  framework  were  not  used. 

Regulations  are  like  a  baseball  pitcher  with  a 
variety  of  different  pitches.  A  good  catcher  can 
catch  whatever  pitch  is  thrown  at  him.  A  good 
foundation  ensures  that  all  work  will  be  in  the 
strike  zone  and  obviates  all  wild  pitches. 

Rothke  is  a  senior  security  consultant  with  INS 
and  the  author  of  Computer  Security:  20  Things 
Every  Employee  Should  Know  ( McGraw-Hill 
2006).  He  can  be  reached  at  ben.rothke@ins.com. 


ON  SECURITY 


Winn  Schwartau 


The  U.S.  Department  of  FUD? 


The  U.S.  government  recently  warned  fi¬ 
nancial  firms  and  services  of  an  al-Qaida 
call  for  a  cyberattack  against  online  stock 
trading  and  banking  Web  sites.The  Islamic  mili¬ 
tant  group  wants  to  “penetrate  and  destroy  the 
databases  of  the  U.S.  financial  sites,”  Reuters 
reported. 

Should  you  care?  Not  if  you  have  been  doing 
your  job. 

The  United  States  has  been  handling  informa¬ 
tion  warfare  attacks  for  more  than  a  decade,  with 
varying  degrees  of  success.  Our  biggest  national 
failure  has  been  defending  against  Class  I  infor¬ 
mation  warfare,  which  targets  personal  informa¬ 
tion  and  is  the  backbone  of  identity  theft,  phishing 
and  similar  profit-oriented  criminal  endeavors. 

Business  has  done  better  against  Class  II  infor¬ 
mation  warfare:  company-to-company  informa¬ 
tion  conflicts  and  industrial  espionage.  In  many 
ways  it  can  be  argued  that  American  industry 
essentially  has  chosen  to  permit  the  continued 
theft  of  intellectual  property  rather  than  institute 
appropriate  (and  perhaps  politically  incorrect) 
security  policies  and  procedures. 

The  alleged  al-Qaida  threat  is  Class  III  infor¬ 
mation  warfare.  Nation-states,  terrorists  or  other 
political  and/or  religious  nongovernment  orga¬ 
nizations  target  their  adversaries  for  nonprofit 
motivations,  such  as  denial  of  service  and  sys¬ 
temic  disruption,  including  psychological  opera¬ 
tions  (PsyOps).  Targeting  the  private  critical  in¬ 
frastructures  of  perceived  adversaries  is  called 
unrestricted  warfare,  as  declared  by  the  Chinese 


against  the  U.S.  private  sector  in  1998. 

Could  the  United  States  be  promoting  or  exag¬ 
gerating  the  al-Qaida  cyberterrorism  threat  as  a 
means  to  garner  support  for  current  U.S.  poli¬ 
cies?  FUD  —  fear,  uncertainty  and  doubt  —  is  a 
powerful  weapon  that  cannot  be  dismissed  out 
of  hand.  Or  is  this  al-Qaida  using  PsyOps,  their 
own  form  of  FUD?  This  form  of  FUD-based 
PsyOps,  be  it  a  videotaped  beheading  or  the 
threat  of  economic  meltdown,  is  a  proven  Class 

It  does  not  take  any  stretch 
to  envision  . . .  technical 
types  infiltrating  our  nation¬ 
al  critical  infrastructure. 

Ill  weapon.  A  few  years  ago  the  Irish  Republican 
Army  effectively  shut  down  London  with  a  few 
well-placed  threats.  No  bombs,  no  boom,  but 
London  was  brought  to  a  halt. 

Let’s  say  that  al-Qaida  has  hired  the  best  hack¬ 
ers  and  intrusion  experts  from  the  United  States, 
China,  Israel,  Russia.  Mass  hiring  on  this  scale  is 
highly  unlikely  but  in  examining  risk,  I  like  to 
turn  up  the  dial  full  tilt  to  get  a  view  of  possibili¬ 
ties.  Al-Qaida  certainly  has  more  than  one  guy 
on  an  oasis,  but  they  do  not  have  the  power  of 
DefCon.  (www.DefCon.org).  They  do  not  have  a 
magic  switch  to  say,  “Goodbye,  New  York  Stock 
Exchange”  or  “Good  riddance,  Schwab!” 

So  what’s  the  worry  about  al-Qaida  and  similar 
extremists?  Two  things.  Al-Qaida  conceivably 


could  launch  a  zero-day  denial-of-service  attack 
against  online  banking. 

The  second  worry  reflects  the  insidious  nature 
of  those  who  threaten  us.  Islamic  extremists  open¬ 
ly  avow  they  have  been  quietly  insinuating  them¬ 
selves  at  all  levels  of  our  society  It  does  not  take 
any  stretch  to  envision  a  long-term  machination 
of  skilled  and  trusted  technical  types  infiltrating 
our  national  critical  infrastructures. 

The  greatest  threats  to  our  financial  and  other 
critical  systems  are  from  insiders.  A  coordinated 
cell  of  operatives  (al-Qaida  or  other)  employed 
within  interdependent  power, telco  and  financial 
centers  is  a  more  effective  way  of  creating  mass 
disruption  than  attempting  to  master  the  Inter¬ 
net  as  a  weapon  of  mass  destruction/disruption. 

Whether  the  al-Qaida  threat  is  construed  as 
physical  or  cyber  is  irrelevant,  as  the  defensive 
means  is  the  same:  regular  in-depth  profiles  of  the 
psychology  and  proclivities  of  trusted  employees 
to  whom  we  give  the  greatest  access  or  control. 
Instead  of  repeatedly  looking  outward  for  threats 
to  our  infrastructures,  we  should  be  looking  with¬ 
in  far  more  than  the  current  face  of  political  cor¬ 
rectness  permits.Trust  but  verify  again  and  again” 
applies  not  only  to  technology  but  also  to  people. 

Schwartau  is  a  security  writer,  lecturer  and  pres¬ 
ident  of  Interpact,  a  security  awareness  consult¬ 
ing  firm.  He  can  be  reached  at  winn@thesecu- 
rityawarenesscompany.com  For  a  free  copy  of 
his  book,  Information  Warfare,  go  to  www.ihesec 
urityawarenesscompany.  com/chez/ chez.php. 


Backup  and  restoration 


Old  backup  standbys  show 
their  strength  in  test 

But  newcomers  make  it  interesting  with  fresh  features 

BY  TOM  HENDERSON  AND  LASZLO  SZENES,  NETWORK  WORLD  LAB  ALLIANCE 

Enterprise  backup-and-restoration  products  have  grown  sophisticated  as 
they’ve  been  forced  to  accommodate  a  variety  of  operating  systems  and 
hard-disk  filing  systems,  incorporate  security  parameters,  and  produce  audit 
trails  sufficient  to  meet  compliance  regulations. 


We  tested  nine  products  designed  to  relieve  the  long¬ 
standing  drudgery  of  backing  up  enterprise  systems  and  to 
take  on  the  newfound  challenges  of  securely  and  compli¬ 
antly  protecting  data.  Among  the  candidates,  we  found  that 
an  old  standby  Symantec’s  Backup  Exec,  stands  above  the 
others  for  consistent  backup  and  restoration  in  a  variety  of 
situations.  Symantec  was  followed  very  closely  by  HP’s 
OpenView  Storage  Data  Protector,  which  has  excellent  core 
usability.  However,  Acronis,  Atempo,  Avamar  (bought  by 
EMC  during  the  testing  cycle)  BakBone  and  Yosemite 
Technologies  made  competition  difficult,  as  each  was  able 
to  accomplish  server,  client  and  branch  backups  and 
earned  extra  credit  for  usable  security  audit  trails  and  sup¬ 
port  for  bare-metal  machine  cloning. 

Much  emphasis  is  placed  in  today’s  backup  world  on  spe¬ 
cific  applications.  Transaction-oriented,  high  or  rapid  data- 
delta  applications,  such  as  Microsoft  Exchange,  Microsoft 
SQL  Server  and  Oracle  databases,  have  a  crop  of  products 
poised  to  provide  high  availability  specifically  for  them.The 


We  built  a  network  consisting  of  an  emulated 
central  site  (a  data  center),  which  was  con¬ 
nected  to  a  branch  network  of  several  servers, 
each  running  the  operating  system  best  supported  by 
the  hardware.The  central  site  server  was  an  HP  DL140 
with  1GB  of  RAM  and  an  Intel  Xeon  processor, running 
Windows  Enterprise  Server  2003  or  SUSE  Linux  10. 
Available  servers  for  branch  testing  included  an  Apple 
Xserve  G4  running  MacOS  10.4.7,  a  Sun  T2000  server 
running  Solaris,  or  HP  DL140  boxes  running  SUSE 
Linux  Enterprise  Server  10  or  Windows  2000 
Enterprise  Server  and  Active  Directory. 

There  were  three  varieties  of  branch  clients:  Win¬ 
dows  XP  SP2  (on  several  different  machines),  MacOS 
10.4.7  (on  Apple  PbwerBook  G4  and  G4  workstations) 
and  OpenSUSE  10  (on  a  VMware  HP  Notebook  VM 
and  a  Compaq  Presario  2.8GHz,  Celeron-based 


availability  of  application-specific  data  is  accomplished 
through  various  methods  that  effectively  mirror  transactions 
into  disparate  computing  hardware.This  focus  doesn’t  seem 
to  pay  attention  to  the  fact  that  enterprises  often  use  a 
sophisticated  mix  of  off-the-shelf  applications  and  internal¬ 
ly  developed  programs  groomed  to  support  a  variety  of 
operating  systems. 

Most  of  the  backup  products  we  examined  have  transac¬ 
tion  application  backup  modules  or  suites  available  as 
extra-cost  options.  However,  we  did  not  test  those  options 
because  this  evaluation  centers  on  testing  several  generic 
(meaning  non-application-specific)  backup  applications 
in  an  emulation  of  a  corporate  site-with-branches  environ¬ 
ment  (see  “How  we  did  it,”  below). 

Here  is  a  product-by-product  breakdown  of  our  testing. 

Acronis  True  Image  Enterprise  Server 

True  Image  Enterprise  Server  (we  tested  Version  9.1)  is  a 
data  center-focused  client/server  application  that  supports 


machine).  All  client  machines  were  connected  by  a 
Gigabit  Ethernet  switch  to  the  branch  server. 

Two  of  the  products  we  tested  ship  to  customers  with 
hardware.  Avamar  supplied  Axion  for  testing  on  a  Dell 
FbwerEdge  2850,  and  Atempo  LiveBackup  came  run¬ 
ning  on  a  Dell  FbwerEdge  1800  server  and  a  Dell  XPS 
workstation,  which  ran  the  management  console. 

We  tested  for  compatibility  within  the  operating  sys¬ 
tems  we  hosted  (both  client  and  server), and  checked 
features  for  enterprise  server  backup  and  restoration, 
client  backup  and  restoration,  installation  on  clients 
and  servers,  and  the  ability  to  clone  both  servers  and 
clients  to  be  used  in  rollout  or  distribution  situations. 

We  also  examined  user  interfaces  for  the  supported 
operating  systems  we  used,  to  check  for  ease  of  use, 
security  consistency  and  ability  to  audit  backup-and- 
restoration  logs. 


a  wide  variety  of  Windows  and  Linux  operating  systems 
and  CPUs  as  clients  or  servers.  However,  it  doesn’t  support 
MacOS,  Solaris  and  other  non-Linux,  Unix-like  operating 
systems,  such  as  HP-UX  and  AIX. 

Users  and  administrators  can  easily  restore  files.They  just 
need  to  walk  through  a  wizard,  selecting  which  files  they 
want  backed  up  and  restored,  and  where. This  process  can 
be  performed  even  more  quickly  if  the  user  or  administra¬ 
tor  adds  a  local-client  drive  partition  that  has  the  operating- 
system  files  necessary  to  boot  the  system. Then  this  system 
can  be  booted  from  this  partition  to  restore  a  damaged  one 
(or  one  that  won’t  boot  because  of  viruses,  Trojans  and  so 
on).  After  this  base-restoration  has  been  accomplished,  the 
rest  of  the  files  can  be  fetched  to  bring  the  machine  to  a 
more  usable  state.  This  method  diminishes  overall  down¬ 
time.  The  downside  is  that  there  is  no  data  encryption, 
though  there  is  some  compression  that  obscures  data  on 
network  transports  as  it  is  being  backed  up  or  restored. 

True  Image’s  strengths  lie  in  its  egalitarian  support  of  most 
32-  and  64-bit  editions  of  Windows  (including  NT4,98  and 
ME),  as  well  as  numerous  kinds  of  Linux  (we  tested  SUSE 
10,  but  Debian,  Mandrake,  United  Linux  and  others  also  are 
supported)  through  virtually  any  kind  of  backup  media. 

Unlike  others  we  tested,  True  Image  doesn’t  support  con¬ 
tinuous  backup;  therefore,  workstations  and  servers  with 
high  data-change  rates  would  not  be  backed  up  as  often  as 
they  should.  True  Image  does  support  making  a  bootable 
disaster-recovery  CD/DVD,  which  lets  administrators  have 
hot  media  to  either  start  restoring  machines  with  disk  fail¬ 
ures  or  conduct  a  bare-metal  restoration. 

In  terms  of  administration,  True  Image  is  very  well 
organized  and  was  one  of  the  most  user-friendly  prod¬ 
ucts  we  tested. 

For  security  purposes,  True  Image  allows  for  archived 
files  to  be  password  protected,  but  it  does  not  support 
encryption  during  data  transfer. 

In  terms  of  reporting,  Acronis  produces  a  log  for  each 
backup-and-restoration  operation  that  contains  the  steps  of 
the  action  and  whether  it  was  successful.  But  the  log  does 
not  detail  which  fields  were  accessed  during  the  process. 
The  log  can  be  saved  in  a  file,  and  the  system  can  send  noti¬ 
fications  of  actions  via  e-mail  or  as  a  Windows  popup  using 
Windows  Messenger  Service. 

Arkeia  Network  Backup 

Of  the  products  tested,  Arkeia  Network  Backup  had  the 
longest  lists  of  supported  operating-system  clients  and  stor¬ 
age  devices  and  methods,  a  testament  to  Arkeia’s  back¬ 
ground  as  an  early  open  source  backup  application,  based 
on  Linux.  Arkeia  touts  a  long  list  of  supported  SCSI  tape 
drives  and  jukeboxes,  as  well  as  Linux  and  Windows-based 
network-attached  storage  devices  and  a  variety  of  storage- 
area  networks  (SAN)  .These  include  SCSI  tape  devices  from 
HR  Exabyte  and  Maxtor  and  operating  systems  from  SGI 
(iRIX),SCO  (UnixWare)  and  Compaq  (Tru64). 

Arkeia  is  distinctively  Unix-flavored  and  requires  at  least  a 
minimal  amount  of  Unix  expertise  to  install,  manage  and 
audit.  For  example,  you  have  to  run  shell  commands  and 
debug  error  messages  if  they  come  up. 

Arkeia  Network  Backup  runs  as  a  server  only  on  Linux, 
AIX,  Solaris,  IRIX,  SCO  UnixWare  or  Compaq  Tru64  Unix.  It 
cannot  run  on  Microsoft  Windows  servers  (which  can  be 

See  Backup,  page  28 
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Microsoft 


By  MICHAEL  BETTENDORF 


LONDON,  Oct.  2006  — 
When  an  IT  system  must 
process  15  million  real-time 
messages  per  day,  with  peaks 
at  2,000  messages  per  second, 
even  one  second  of  downtime 
counts.  That’s  the  pressure 
the  London  Stock  Exchange 
faced  when  building  Infolect, 
the  Exchange’s  real-time 
stock-ticker  information  de¬ 
livery  system. 

The  solution  had  to  have 
rock-solid  reliability,  nothing 
less.  “Reliability  is  one  of  the 
key  attributes  of  the  Exchange 
in  its  technology  systems. 
These  systems  have  to  work 
every  day,  24/7,  to  make  sure 
the  markets  are  there,”  said 
CIO  David  Lester,  who  evalu¬ 
ated  both  Linux  and  Micro¬ 
soft®  Windows  Server®  2003 
for  the  Exchange’s  core  tech¬ 


nology  systems.  “We  looked 
at  a  number  of  different  plat¬ 
forms  for  our  Technology 
Roadmap,  and  we  lined  up 
our  business  requirements 
with  the  capabilities  of  those 
platforms,  and  Windows 
Server  was  the  clear  choice.” 

In  Lester’s  view,  long- 
term  reliability  is  a  function 
of  a  solid  relationship:  "We 
wanted  a  deep  partnership 
with  an  organization  that 
could  deliver  the  kind  of 
mission-critical  technology 
that  we  needed,  and  we  felt 
Microsoft  delivered  just  that.” 

For  the  full  London  Stock 
Exchange  case  study,  plus 
other  case  studies  and  inde¬ 
pendent  research  findings  on 
the  reliability  of  Windows 
Server  versus  Linux,  visit  us 
at  microsoft.com/getthefacts 


BREAKING  NEWS: 

London  Stock  Exchange  Achieves 
Record  Reliability 

David  Lester,  Chief  Information  Officer  of  the  London  Stock 
Exchange,  cites  Windows  Server  as  key  to  maintaining  system 
reliability  and  performance.  —  Continued  on  Pone  #.?. 


Tom  Nagy  for  The  Highly  Reliable  Times 

THE  HEADQUARTERS  BUILDING  of  the  London  Stock 
Exchange,  located  in  London’s  Paternoster  Square. 

LESTER  SPEAKS  OUT: 

“We  looked  at  a  number  of  different 
platforms  for  our  Technology  Roadmap, 
and  we  lined  up  our  business  require¬ 
ments  with  the  capabilities  of  those 
platforms,  and  Windows  Server  was 
the  clear  choice." 

-David  Lester,  CIO, 

London  Stock  Exchange 
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Windows  Server  2003 


LONDON  STOCK  EXCHANGE  CHOOSES 
WINDOWS  OVER  LINUX  FOR  RELIABILITY 

Reliability  Is  Key  in  the 
World’s  Capital  Market ’ 
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Product 

!ackupb“  lOBR CHOICE lOl 

OpenView  Storage  Data  Protector 

NetVault 

LiveBackup 

HP 

www.hp.com 

BakBone 

www.bakbone.com 

Atempo 

www.atempo.com 

www.symantec.com 

Price 

$1,490* 

$2,780*  Windows  and  Linux. 

$1,705* 

Outstanding  operating-system  and 

$25-$75  per  seat,  based  on  volume. 

Pros 

Quick  systematic  backup  and  restore; 
offers  ability  to  restore  Windows  image 
to  different  machine;  Windows  and 
NetWare. 

Built  for  large-scale  deployment;  offers 
support  for  large  number  of  operating 
systems. 

media  support. 

Difficult  bare-metal  restoration. 

Continous  backup  capability;  easy 
restore  for  users. 

Cons 

Complicated  licensing  procedure. 

Very  complex;  steep  learning  curve; 
security  measure  not  turned  on  by 
default. 

Windows  only;  slightly  complicated 
server  installation. 

Score 

4.25 

i - :  ^ 

4.13 

4.0 

3.9 

Product 

True  Image  Enterprise  Server 

Axion 

Asigra  Televaulting 

Yosemite  Backup 

Network  Backup 

Vendor 

Acronis 

www.acronis.com 

Avamar  (acquired  by  EMC) 

www.avamar.com 

Asigra 

www.asigra.com 

Yosemite 

www.yosemitetech.com 

Arkeia  Software 

www.arkeia.com 

Price 

$1,320  as  tested;  server  and 
four  clients. 

$26,500* 

$11,250* 

$3,250* 

$2,050* 

Pros 

Makes  a  bootable  disaster- 
recovery  CD/DVD;  strong 
Windows  and  Linux  focus. 

Single-instance  storage;  fully 
searchable  backup. 

Uses  bandwidth  effectively  for 
WAN  backups;  single-instance 
storage  conservation. 

Easy  installation;  scalable. 

Wide  operating-system  and 
tape  support. 

Cons 

Weak  operating  compatibility. 

Complicated  setup;  poor 
support  for  bare-metal 
restoration. 

Weak  support  for  disaster 
recovery. 

Weak  security;  no  default 
encryption  of  data,  inadequate 
support  for  bare-metal 
restoration. 

Not  easy  to  install;  tape- 
oriented  backup. 

Score 

3.85 

3.7 

3.6 

3.55 

3.23 

NETWOR  WORLD 


Research  your  backup  and  recovery  options 
in  the  Network  World  Buyer's  Guide. 

www.nwdocfinder.com/1034 


‘Readers  are  cautioned  to  check  pricing  for  their  specific  environment;  prices  quoted  for 
two  Linux/Windows  servers  and  one  each:  Windows  XP,  MacOS,  and  Linux  workstation 
(where  it  was  compatible). 


The  Breakdown 

Acronis  True  Image 

Atempo  LiveBackup 

Asigra  Televaulting 

Arkeia  Network 
Backup 

Avamar  Axion 

BakBone  NetVault 

HP  OpenView  Storage 
Data  Protector 

Symantec  Backup 
Exec 

Yosemite  Backup 

Backup/restore  usability  40% 

4 

4.5 

3 

3 

4 

4 

4.5 

5 

4 

Administration/management 
/features  30% 

4.5 

4 

4 

3 

3 

4 

4 

4 

4 

Security  15% 

3 

4 

4 

3 

4 

3 

3.5 

3 

2 

Compatibility  15% 

3 

2 

4 

; 

4.5 

4 

5 

4 

4 

3 

Total  score 

3.85 

3.9 

3.6 

3.23 

3.7 

4 

4.13 

4.25 

3.55 

Scoring  Key:  5:  Exceptional;  4:  Very  good;  3:  Average;  2:  Below  average;  1:  Subpar  or  not  available 


Backup 

continued  from  page  26 

clients  and  media  servers,  but  not  administrative  servers). 
Installation  is  somewhat  more  difficult  than  average, 
though  the  supplied  documentation  gives  very  useful, oper¬ 
ating-system-specific  installation  tips.  Uninstallation  on 
non-Windows  platforms  must  be  done  manually  because 
there  are  no  scripts  or  routines  to  do  so. 

We  were  concerned  about  security  when  we  found  that 
the  Arkeia  administrative  GUI  required  us  to  run  as  root  on 
a  client  or  server  to  access  Network  Backup  functionality 
The  GUI  is  highly  flexible,  letting  administrators  add  spe¬ 
cific  storage  options,  such  as  drive  types  and  tape  sets,  as 
target  backup  systems.  Arkeia  has  no  native  encryption  for 
data  sent  across  network  transports,  though  client-side 
encryption  is  available  at  extra  cost.  In  this  option,  encryp¬ 
tion  key  management  is  left  to  the  administrator,  who  must 
end  a  method  of  key  storage  and  policy  —  without  the 
keys,  the  backups  are  useless. 

Procedurally,  Arkeia  Network  Backup  uses  a  backup 


server,  a  media  server  and  clients.  The  backup  server 
keeps  track  of  where  files  and  sets  of  files  are  stored,  while 
the  media  server  is  a  targeted  storage  pool  fed  by  tape  or 
disk  storage.  Arkeia  permits  multiple  streams  of  data  to  be 
backed  up  from  clients  to  optimize  backup  speed,  though 
we  found  little  real  difference  in  overall  backup  speed 
when  we  used  multiple  streams.  Continuous-backup  types 
(for  example,  immediate  file  delta  backup  invocation) 
aren’t  supported. 

Logs  are  kept  of  messages  concerning  all  processes,  and 
they  can  be  viewed  in  different  degrees  of  detail,  but  we 
found  no  option  to  save  them  to  a  file. 

Arkeia’s  administrative  GUI, especially  on  Linux, often  was 
difficult  to  use.  It  would  appear  to  freeze  for  a  time  (seem¬ 
ingly  processing),  then  reemerge  to  do  more  work. 
However,  Network  Backup  does  have  installation  and 
administrative  consistency  across  the  platforms  it  supports. 

Asigra  Televaulting 

Asigra’s Televaulting  takes  a  different  approach  to  back- 


up-and-restore  processes  in  terms  of  the  relationship 
between  user  or  server  hardware,  backup  storage  de¬ 
vices,  and  overall  process  management.  Asigra  backs  up 
files  through  a  gathering  (backup)  and  distribution 
(restoration)  local  data-collector  server  called  DS-Client, 
which  resides  on  a  local  network  and  is  controlled  by  an 
application  called  DS-User.The  DS-Client  master  backup 
server,  called  the  DS-System,  is  controlled  by  yet  another 
application  called  DS-Operator.  DS-Operator  manages  DS- 
System  and  also  performs  system  accounting  (such  as 
charging  accounts  for  disk  storage, creating  limits  on  stor¬ 
age,  bandwidth  throttling  by  clients,  and  other  adminis¬ 
trative  features).  DS-Operators  features  are  handy  to  inter¬ 
nal  IT  departments  that  charge  for  their  services,  as  well 
as  third-party  backup  service  providers. 

Overall,  this  method  was  slower,  because  there  were  no 
clients  on  the  machines  that  would  do  optimization  and 
caching,  but  the  product  relies  on  the  operating  system  s 
algorithms.  In  addition,  network  traffic  is  higher  because 
there  is  no  compression. 
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DS-Client  runs  on  various  platforms,  but  the  choice  of  the 
platform  is  important.  Because  DS-Client  will  pull  or  push 
information  based  on  its  ability  to  log  on  to  a  server  or  user 
machine,  its  capabilities  must  match  those  of  the  intended 
server  or  user  machine.  For  example,  when  DS-Client  is 
hosted  on  a  Windows  machine,  it  can  back  up  Server 
Message  Block  —  Microsoft’s  early  network  connectivity 
methodology  —  or  SAMBA-connectable  machines 
through  standard  SMB  user  name-password  combinations. 

DS-User  doesn’t  load  agent  software  on  a  client  that 
needs  backup-and-restoration  services.  Instead,  DS-User 
sets  up  the  DS-Client  application  to  log  on  to  a  user’s 
machine  or  a  network  server  using  standard  network 
credentials  specific  to  the  machine  or  server  under  con¬ 
trol.  Backups  or  restorations  then  are  authenticated  with 
encryption  methods  that  vary  from  Data  Encryption 
Standard,  to  Advanced  Encryption  Standard  (AES) 
(128-,  192-  or  256-bit). The  encryption  keys  are  stored  — 
dangerously  —  on  the  client,  if  they  aren’t  remembered 
during  stressful  situations,  data  will  be  lost  forever. 
Fortunately  there’s  only  one  key  per  client  server. 

Also,  we  found  that  although  Asigra  says  its  product 
easily  allows  for  bare-metal  restoration,  we  found  the 
process  difficult,  because  the  initial  operating-system 
files  must  be  placed  on  a  crippled  server  or  workstation 
before  a  restoration  mission  can  begin. 

In  terms  of  reporting,  this  system  keeps  detailed  (but 
not  file-level)  records  of  each  transaction  and  keeps  a 
system-event  log  (which  tracks  logons  and  connection 
openings  and  closings).  We  could  view  the  logs  easily, 
but  found  no  way  to  export  the  logs  to  a  file  format. 

Televaulting  requires  that  more  initial  administrative 
time  be  spent  upfront  to  populate  user  credentials  and 
assign  backup  sets  and  perform  traffic  management  for 
backups.  On  the  plus  side,  it  has  good  security. 

Atempo  LiveBackup 

LiveBackup  is  a  hybrid  application  that  performs  contin¬ 
uous  backups  and  makes  system  snapshot  files.  Strictly  cap¬ 
tive  to  Microsoft  platforms,  Atempo  uses  MS  SQL  Server 
2000  (included)  to  keep  track  of  backup  client-system  data 
movements.  It’s  fast  —  it  made  a  snapshot  of  our  system  in 
a  matter  of  minutes  —  and  provided  a  desirable  negligible 
load  on  client  performance  while  it  was  backing  up  con¬ 
tinuously  Where  there’s  a  lot  of  continuously  changing 
data,  a  fast  pipe  to  the  server  (such  as  a  symmetrical  broad¬ 
band  connection)  is  recommended  to  ensure  the  lowest 
delta  in  the  backup  data  set. 

LiveBackup  was  tougher  to  install  than  normal  in  this  test, 
and  the  client-side  application  can’t  have  its  installation 
options  (such  as  the  IP  address  of  the  server  and  the  system 
name  of  the  client)  changed  without  the  client  application 
being  uninstalled  and  reinstalled.This  shouldn’t  be  difficult 
for  static  situations,  where  nothing  changes,  but  we  don’t 
like  to  bet  on  those.  We  also  had  to  do  additional  installa¬ 
tion  tasks  that  might  stump  some,  such  as  configuring  the 
MS  SQL  Server  to  start  in  the  host  server  system  —  some¬ 
thing  Atempo  could  have  done  easily  by  supplying  an 
installation  script. 

It’s  otherwise  easy  to  understand  and  navigate  backups 
from  client  to  server,  whether  you’re  an  administrator  or  a 
slightly  savvy  user.  A  LiveBackup  128-bit  cipher  encrypts 
data  backed  up  from  client  to  server  on  the  wire  (or 
through  the  air  or  whatever  the  network  transport  is). VPN 
connections  must  be  arranged  and  deployed  outside  of  the 
LiveBackup  deployment  if  they’re  needed  for  remote  users. 
Unfortunately,  LiveBackup  doesn’t  do  machine  cloning  or 
load  software  on  new  machines  for  internal  distribution  as 
easily  as  other  products  we  tested. 

It’s  possible  to  let  a  server-stored  LiveBackup  DVD/CD  set 
restore  a  failed  system  in  the  field.  This  is  very  helpful  in 


cases  where  a  remote  worker’s  machine  has  a  hard-disk 
failure  of  some  kind.  The  user  could  take  the  LiveBackup 
DVD/CD  media,  after  having  remedied  the  hard-disk  fail¬ 
ure,  and  use  it  to  replace  lost  data  or  request  a  simple  disk 
overwrite  to  do  a  bare-metal  restoration. 

LiveBackup  is  a  hard-drive  and  SAN-focused  storage 
system,  and  the  word  “tape”  does  not  appear  in  its  docu¬ 
mentation.  This  means  that  multiple  iterations  of  data 
will  require  an  online,  rapidly  accessible,  drive-based 
infrastructure  for  storage. Therefore  Atempo’s  usefulness 
in  providing  rapidly  restorable  data  is  offset  by  the  need 
for  large  data  stores  at  the  LiveBackup  server.  Live- 
Backup  conserves  media  by  using  single-instance  tech¬ 
nology,  meaning  that  only  one  instance  of  a  file  is  stored 
(unless  it  is  changed,  creating  another  instance).  The 
payoff  can  be  very  rapid  restoration  of  information 
where  the  platform  is  homogeneously  Windows-based. 

For  security  LiveBackup  by  default  uses  a  128-bit  cipher 
for  data  transmission. 

On  the  reporting  front,  LiveBackup  generates  rudimenta¬ 
ry  reports  on  such  activities  as  how  many  backups,  restora¬ 
tions  and  rollbacks  particular  users  did.These  statistics  are 
stored  in  a  database  that  has  archiving  as  an  option. 


HP's  OpenView  Data  Protection  Manager  got  high  marks  for  its 
usability  because  it  can  be  driven  by  wizards  that  are  espe¬ 
cially  useful  given  the  highly  sophisticated  processes  allowed 
by  the  product. 

HP  OpenView  Storage  Data  Protector 

HP’s  OpenView  Storage  Data  Protector  is  the  tip  of  the  ice¬ 
berg  for  a  wide  variety  of  HP  storage  applications.  HP’s 
backup-and-restoration  philosophy  is  similar  to  that  of  most 
of  the  other  products  tested,  where  online  (disk  and  SAN- 
based)  storage  —  as  opposed  to  near-line  (tape  and 
mountable  media)  storage  —  produces  faster  restoration 
results.  Storage  Data  Protector  supports  a  generous  variety 
of  tape  and  SAN  media,  and  while  it  supports  HP’s  operat¬ 
ing  systems  and  older  versions  of  Linux  and  Microsoft 
Windows  systems,  it  was  notably  bereft  of  support  for 
Apple’s  MacOS. 

The  installation  of  HP’s  products  was  by  far  the  most  dif¬ 
ficult  of  the  products  we  tested,  but  that  was  caused  in  part 
by  its  numerous  setup  options.  Storage  Data  Protector  puts 
comparatively  deep  connectivity  and  backup  and  restora¬ 
tion  options  into  place  during  installation,  putting  devices 
into  cells,  where  a  Cell  Manager  application  is  installed  as 
the  main  backup  server  for  the  domain.  Storage  Data 
Protector’s  internal  proprietary  database  keeps  track  of 
where  files  are,  to  whom  they  belong,  and  what  interation 


or  form  they  have. 

The  GUI,  which  is  available  to  administrators  and  users 
with  the  authority  to  access  backup  files,  communicates 
with  the  Cell  Manager,  which  can  run  on  Unix  or  Windows 
systems.  The  client-side  GUI  is  sensitive  to  DNS  settings, 
which  could  produce  unusual  error  messages  if  the  DNS  is 
incorrectly  configured.  In  turn, each  client  needing  backup- 
and-restoration  services  has  a  backup  or  (for  specific  appli¬ 
cations  such  as  Exchange  or  SAP)  application  agent  soft¬ 
ware  installed.  Clients  with  backup  storage  devices 
attached  also  have  a  media  agent  installed  that’s  controlled 
by  the  Cell  Manager. 

The  Cell  Manager  also  serves  as  an  Installation  Server, 
holding  various  applications  for  either  Unix  or  Windows 
systems,  and  two  separate  servers  are  needed  if  both  oper¬ 
ating  system  platforms  are  to  be  supported  by  Storage  Data 
Protector. The  cells  that  are  developed  for  backup-manage¬ 
ment  purposes  are  managed  by  a  manager-of-managers 
GUI  that  sends  signals  from  a  two-tier  hierarchy  (data  cen¬ 
ter  and  branch  cells)  to  manage  backups  remotely. 

Our  branch  simulation  showed  the  potential  benefits 
of  cellularlike  management  via  the  manager  of  man¬ 
agers  methodology.  It’s  tougher  to  set  up  initially  and 
requires  planning,  but  should  pay  handsomely  in 
administrative  benefit. 

We  were  dismayed  to  find  encryption  and  compression 
turned  off  by  default,  but  at  least  they’re  available.  There’s 
also  no  rapid-restoration  methodology  available  unless  it’s 
purchased  as  a  separate  “Enhanced  Automated  Disaster 
Recovery”  module. 

HP  offers  four  levels  of  logging  capabilities.  The  highest 
level  logs  every  detail  in  every  file.The  next  level  logs  basic 
file  information.  The  third  level  logs  only  directory  infor¬ 
mation.  The  last  level  is  no  logging  at  all.  The  product’s 
reporting  capabilities  focus  on  administrative  and  perfor¬ 
mance-monitoring  information.  These  reports  can  be 
scheduled  and  delivered  via  e-mail,  SNMP  and  Windows 
messaging,  or  written  to  a  file. 

Avamar  Axion  (now  EMC) 

Axion  has  a  unique,  appliance-based  approach  to  back¬ 
up.  Inside  the  Linux-based  appliance,  which  comes  outfit¬ 
ted  with  1 .5TB  of  storage  space  and  supplies  RAID  5  data 
protection,  is  the  Axion  application,  complete  with  its  own 
filing  system.  Axion  uses  single-instance  storage  to  con¬ 
serve  space  among  all  of  the  clients  that  use  the  appliance 
for  backup  and  restoration. The  appliance  approach  does 
speed  up  restorations,  because  all  storage  is  in-line. 

Clients  access  the  Axion  appliance  to  download  client- 
side  backup  applications  specific  to  their  operating  sys¬ 
tem.  Axion’s  backups  are  both  incremental  (changed 
files)  and  system  snapshots.  Axion  supports  Microsoft 
Windows  (NT  and  later), Linux  (Red  Hat  versions  7.3  and 

7.4  and  SUSE  SLES  versions  8  and  9),  Solaris  (versions  7 
to  10),  HP-UX  (versions  11  and  Hi)  and  AIX  (versions  5.1 
to  5.3)  —  but  not  Mac  OS  X.  A  Java  client  for  each  version 
is  also  downloadable. 

The  files  in  Axion’s  server  appliance  are  stored  within  a 
proprietary  filing  system  called  Avamar  File  System  (AvFS), 
which  provides  indexing  and  a  rapid-search  engine.  The 
indexing  takes  place  according  to  a  schedule,  rather  than 
in  real  time. AvFS  can  be  searched  Google-style  with  search 
strings,  letting  a  full  backup  database  be  searched  easily 
and  randomly  for  security  or  other  reasons. 

The  Web  interface  that  runs  Axion  doesn’t  support  the 
Firefox  browser  fully  (a  plug-in  must  be  added  in  versions 

1.5  and  2.0)  and  doesn’t  support  browsers  based  on  KDE 
(Konqueror)  and  Apple  Safari,  making  it  difficult  to  use  for 
certain  Linux  and  Apple  clients.  We  had  the  best  success 
with  Internet  Explorer  versions  6  and  7. 

Although  Axion  doesn’t  perform  bare-metal  restoration.it 
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Symantec's  Backup  Exec's  administrative  application  allowed  us  to  rapidly  drill  down 
to  any  activity  we  wanted  to  complete. 


conducts  rapid  restoration  once  a  machine 
establishes  connectivity  It  does  this  by  knowing  a 
machines  total  file-history  delta  and  then  restores 
on  demand  only  the  files  it  knows  have  changed. 

This  unique  method  assesses  the  current  state  of 
a  client  needing  restoration,  compares  it  with  a 
file  history  of  the  client  and  restores  only  the  files 
that  differ  between  the  current  and  desired  state 
of  the  machine. 

On  the  security  front,  Axion  offers  proprietary 
or  AES  128-bit  encryption  for  data  transmis¬ 
sions,  and  has  in  place  user-access  control  to 
stored  data. 

Logging  is  available  through  a  command-line 
interface.There  is  also  good  reporting  support  in 
the  administrative  GUI  that  provides  such  perti¬ 
nent  information  as  a  listing  of  client  activity  in  a 
specified  period. 

We  liked  the  appliance  method  used  by  Axion 
and  found  it  to  be  useful  if  immature  compared 
with  the  features  of  the  other  backup  products 
we  tested.  A  downside  is  that  larger  enterprises 
may  well  use  numerous  appliances,  even  if  they  can  be 
added  in  a  modular  fashion. 

BakBone  NetVault 

BakBone’s  NetVault  Enterprise  Edition  supports  enter¬ 
prise  backup-and-restoration  functions  for  the  majority  of 
hosts  and  clients  we  tested,  missing  only  SGI  IRIX  and  SCO 
UnixWare.  It  also  supported  every  type  of  backup  media 
that  we  used  in  testing.  The  vendor  supplied  a  long  list  of 
applications  it  backs  up  and  restores  for  a  price,  including 
Oracle,  MySQL,  Lotus  Notes,  Sybase, VMware/ESX  and  SAP 

NetVault  provides  two  main  administrative  applications 
with  its  general  system,  Configurator  and  the  NetVault  GUI. 
Configurator  sets  logging  levels;  sets  up  ports  for  communi¬ 
cations  among  clients  and  storage  devices;  schedules  jobs; 
and  sets  tuning  parameters  and  details  for  backup,  restora¬ 
tion  and  infrastructure  for  these. 

The  NetVault  application  performs  simple,  full  or  incre¬ 
mental  backups.  It  can  have  additional  memory  buffers 
assigned  in  the  server,  a  feature  that  has  a  decided  impact 
on  performance  —  more  buffers  render  faster  backup 
throughput.  The  NetVault  documentation  provides  good 
details  on  how  to  tune  performance  for  speedier  backups. 
NetVault  7.4  uses  compression,  but  supports  encryption 
only  in  an  add-on  module. 

It  was  simple  to  manage  backups  and  restorations  across 
the  platforms  we  tested.  NetVault  doesn’t  provide  for 
cloning  machines  and  also  doesn’t  make  available  a  rapid- 
restoration  methodology  in  case  of  client  hard-disk  failure. 
This  means  that  the  case  of  failure,  clients,  whether  work¬ 
stations  or  servers,  must  have  an  initial  operating-system 
restoration  and  must  download  the  NetVault  client  soft¬ 
ware  before  they  can  have  data,  applications  and  settings 
restored,  a  process  that  adds  significantly  to  the  unavail¬ 
ability  of  a  disaster-stricken  machine. 

NetVault  records  the  details  of  each  job  —  when  it  was 
run,  by  whom,  and  its  success  or  failure.  It  also  maintains  a 
security  log  of  authentications  that  can  be  exported  to  a 
file.  Additionally,  you  can  create  customized  reports  and 
send  automatically  generated  reports  via  e-mail. 

Overall,  BakBone  NetVault  gets  credit  for  its  breadth  of 
platform  coverage,  but  it  isn’t  as  useful  as  the  other  prod¬ 
ucts  tested  in  terms  of  rapid  restoration  of  a  platform 
from  a  disastrous  circumstance. 

Symantec  Backup  Exec 

Symantec  Backup  Exec  (we  tested  Version  lid)  supports 
enterprise  network  infrastructure  very  broadly  Tracing  its 


history  through  Symantec,  Veritas,  Seagate  and  Arcada, 
Backup  Exec  is  the  oldest  product  we  tested,  and  its  matu¬ 
rity  shows.  Although  it  didn’t  have  the  widest  support  for 
servers  (it  does  not  support  HP-UX,  IRIX,  AIX  and  SCO),  it 
does  support  MacOS  and  most  flavors  of  Linux  by  way  of 
client  agent  software. 

Installation  is  simple,  both  on  servers  (Backup  Exec  lid 
is  hosted  on  Windows  2000  Professional,  Windows  XP  SP2, 
NetWare  or  Windows  2003  Server  editions)  and  clients.  Our 
only  complaint  was  the  number  of  license  key  digits  that 
had  to  be  entered  seemingly  constantly  until  all  was  alive. 
Backup  Exec  supported  file  or  snapshot-based  backups, 
allowing  administrator  and  user-defined  backups  and 
restorations.  Individual  disk  partitions  also  can  be  backed 
up,  providing  good  flexibility.  We  do  need  to  note  that 
Network  File  System  partitions  aren’t  supported. 

Among  the  products  we  tested,  Backup  Exec  pays  a  great 
deal  of  attention  to  detailing  the  type  of  data  to  be  backed 
up  (files,  directories,  partitions,  snapshots,  entire  systems), 
and  this  effort  pays  administrators  and  users  back  by  giving 
them  extremely  flexible  restoration  options. 

One  of  the  strongest  features  of  Backup  Exec  is  that  it  lets 
clients  boot  a  Symantec  CD  and  have  the  applications  on 
the  CD  find  the  Backup  Exec  software  server  and  perform 
a  partial  or  complete  restoration  of  files.  Civilians  can  do 
this  for  any  of  the  operating  systems  supported. 

We  were  dismayed  that  encryption  wasn’t  turned  on  by 
default,  but  that’s  easily  changed.  The  encryption  options 
are  good:  AES  128-,  192-,or  256-bit  encryption  are  available. 
The  keys  are  stored  in  the  server.  We  recommend  backing 
up  the  encryption  keys  database  frequently  and  removing 
it  to  a  safe  location  off-site. 

Continuous  backups  ostensibly  are  available,  provided 
there’s  sufficient  server  disk  storage  and  minimal  latency 
between  client  and  server. The  problem  with  the  Symantec 
approach  is  that  continuous  backup  is  effective  only  when 
the  source  device  has  a  low  delta  of  change. 

The  Symantec  product  keeps  detailed  audit  logs  in  its 
database  for  a  configured  length  of  time.  This  log,  which 
can  be  saved  to  a  file, displays  the  date  and  time  of  an  activ¬ 
ity,  who  performed  it  and  its  nature. 

Keeping  network  administrators,  help  desk  support  peo¬ 
ple  and  users  in  mind,  we  ranked  Backup  Exec  the  best  in 
overall  effectiveness  for  its  features, security  and  usefulness 
in  rapid  restoration  when  disaster  strikes. 

Yosemite  Backup 

Yosemite  is  geared  to  a  file-based  backup  methodology 


and  tape  storage,  though  hard  drives  are  per¬ 
fectly  acceptable  storage  media.  Yosemite’s 
strength  is  its  ecumenical,  cross-platform  oper¬ 
ating-system  support  (though  not  the  widest 
support  among  products  we  tested). Yosemite 
makes  a  Microsoft  Small  Business  Server  edi¬ 
tion,  (then  a  Standard,  the  version  we  tested) 
and  advanced  server  (geared  to  support  more 
than  20  servers).  Yosemite  installs  as  a  server 
application  on  Microsoft  Enterprise  Server  edi¬ 
tions  (Windows  NT  Server  4.0  and  up), 
NetWare,  Solaris  or  SUSE  Linux. 

Installation  was  a  breeze,  though,  Yosemite 
users  could  benefit  from  a  way  to  deal  with 
the  default  settings  in  XP-client  firewall  settings 
(we  had  to  poke  a  hole  in  XP’s  firewall  to  let 
the  client  connect  to  the  backup  server). 

Administrators  and  users  can  set  up  ad-hoc 
and  scheduled  backups.  Yosemite  doesn’t 
encrypt  data  being  backed  up,  which  we  find 
to  be  insecure,  though  data  is  compressed, 
which  removes  the  very  easiest  of  download¬ 
able  protocol  analyzer  data  spying  and  theft  compromises. 

Licensing  is  done  by  tape  libraries  and  additional  tape 
devices  mean  additional  licensing  costs.  Libraries  can  be 
easily  accessed  or,  if  online  storage  is  preferred,  libraries  as 
large  as  8TB  can  be  maintained.  Although  the  libraries  are 
easily  accessible  and  understandable  in  layout,  there’s  no 
provision  for  mass  client  installation.  The  GUI  provides  a 
Windows  Explorer-like  view  of  the  available  files,  from 
which  users  select  the  files  they  want  to  access  and  the  ver¬ 
sion  they  want  to  restore. 

Bare-metal  restoration  capabilities  for  Windows,  NetWare 
and  Linux  platforms  are  available  as  an  extra-cost  option, 
as  are  other  high-availability  options,  including  modules  for 
Exchange  and  Oracle. 

Yosemite’s  product  does  offer  some  basic  logging  func¬ 
tions,  and  that  information  can  be  saved  to  a  file  or 
e-mailed.  It  also  has  a  feature  that  lets  you  set  up  audit  logs 
on  critical  file-backup  procedures. 

Our  overall  impression  of  Yosemite  was  favorable,  and 
while  its  costs  can  be  comparatively  high,  it  easily  encom¬ 
passes  Windows,  Linux  and  Solaris  servers  and  clients  with 
an  understandable  management  and  administration  con¬ 
sole,  and  backups  and  restorations  can  be  done  by  admin¬ 
istrators  or  adventurous  and  trained  users. 

Henderson  is  principal  of,  and  Szenes  is  a  researcher  for, 
ExtremeLabs  in  Indianapolis.  They  can  be  reached  at  then 
derson@extremelabs.com  and  LaszIo@extremelabs.com. 
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Dual-core. 
Do  more. 


YOU  ALWAYS  HAD  THE  BRAINS. 

IT  WAS  THE  TECHNOLOGY 
THAT  WAS  A  LITTLE  SCATTERED. 


The  HP  BladeSystem  c-Class  with  insight  Control  Management. 


The  intuitive  HP  BladeSystem  c-Class  thinks  just  like  you  do  —  letting 
you  monitor  your  infrastructure  while  helping  to  analyze  your  future 
needs.  First,  HP's  OnBoard  Administrator  gives  you  out-of-the-box 
setup  and  configuration  combined  with  power,  cooling  and  enclosure 
management.  After  that,  the  Insight  Control  software  steps  in  to  let 
you  control  the  rest  of  your  environment,  locally  or  remotely.  And 
thanks  to  the  integrated  Insight  Display  — our  unique  LCD  screen  — 
you  can  interact  right  at  the  source  to  manage,  deploy  or  troubleshoot. 


Simply  plug  in  the  HP  ProLiant  BL460c  server  blade,  featuring 
Dual-Core  Intel®  Xeon®  Processors,  and  you'll  get  faster  performance 
and  versatility  to  support  32-  and  64-bit  computing  environments. 
Use  the  HP  BladeSystem  c-Class  for  your  business  and  you'll 
experience  greater  control  over  your  time  and  resources. 


Experience  the  HP  BladeSystem  and  download  the  IDC  White 
— *  Paper  "Enabling  Technologies  for  Blade  Management." 


Click  YouAlwaysHadlf.com/brainsl 

Call  1-866-625-4087 
Visit  your  local  reseller 


Dual-Core  is  a  new  technology  designed  to  improve  performance  of  multithreaded  software  products  and  hardware-aware  multitasking  operating  systems  and  may  require  appropriate  operating  system  software  for  full  benefit:  check  with  software 
provider  to  determine  suitability:  not  all  customers  or  software  applications  will  necessarily  benefit  from  use  of  this  technology.  Requires  a  separately  purchased  64-bit  operating  system  and  64-bit  software  products  to  take  advantage  of  the 
64-bit  processing  capabilities  of  the  Dual-Core  Intel  Xeon  Processor.  Given  the  wide  range  of  software  applications  available,  performance  of  a  system  including  a  64-bit  operating  system  will  vary.  Intel's  numbering  is  not  a  measurement  o> 
higher  performance.  Intel,  the  Intel  Logo,  Xeon  and  Xeon  Inside  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  The  information  contained  herein  is  subject  to  change 
without  notice.  ©2006  Hewlett-Packard  Development  Company,  L.P. 


Identity  Engines  enables 
central  policy  management 


BY  MANDY  ANDRESS,  NETWORK  WORLD  LAB  ALLIANCE 

Managing  authentication  to  networks, systems  and  applications  is  an  onerous 
task  because  of  diverse  user  bases  and  access  methods.  In  this  Clear  Choice 
Test,  an  identity-management  appliance  called  Identity  Engines’  Ignition 
Server  proved  to  be  adept  at  aggregating  control  of  multiple  user  repositories 
and  devices  once  we  got  used  to  the  somewhat  cumbersome  interface. 


The  Ignition  appliance  goes  beyond  standard  authenti¬ 
cation,  authorization  and  auditing  to  include  centralized 
policy  management,  user  consolidation,  compliance 
automation  and  distributed  deployment.  Ignition  uses 
RADIUS,  802.  lx  and  other  standard  protocols. 

We  installed  the  appliance  in  our  test  network  using  the 
configuration  that  routes  all  traffic  through  the  adminis¬ 
tration  interface  (See  “How  we  did  it”  at  www.nwdocfind 
er.com/6521).  There  also  is  the  option  of  splitting  man¬ 
agement  traffic  and  authentication/authorization  traffic 
to  a  separate  network  interface.  Initial  setup  of  the  appli¬ 
ance  took  less  than  10  minutes. 

Management  is  accomplished  through  the  products 
Ignition  Dashboard,  a  thick-client  console  that  we 
installed  on  a  separate  server.  With  the  increasing  move¬ 
ment  toward  Web-based  management  consoles,  we  were 
a  little  surprised  to  see  the  thick-client  approach.  We 
would  prefer  a  Web-based  management  console  to  make 
distributed  management  a  bit  easier. 

After  logon,  the  Ignition  appliance  is  selected  and  con¬ 
figured.  We  would  like  a  more  centralized  approach  to 
management  in  which  we  can  make  configuration 
changes  and  then  choose  which  appliances  to  apply 
them  to. This  prevents  the  need  to  make  changes  multiple 
times  to  different  devices  in  a  distributed  environment. 

Before  testing,  we  upgraded  Ignition  to  the  latest  release, 
3.2.  The  appliance  firmware  upgraded  without  issue. 
When  upgrading  Ignition  Dashboard,  the  Sun  Java  Virtual 
Machine  (JVM)  was  removed  (or  unlinked)  and  the  new 
version  could  not  find  it.  We  had  to  manually  install  the 
JVM  for  the  upgraded  software  to  function  correctly, 
though  this  took  only  a  few  minutes. 

Devices  that  are  secured  by  Ignition  are  called  authen¬ 
ticators,  which  can  be  grouped  into  service  categories. 
We  configured  our  Cisco  3000  VPN  Concentrator  and  our 
Fortigate  appliance  to  use  Radius  authentication  and 
then  defined  them  as  authenticators  in  Ignition.  We  creat¬ 
ed  a  VPN  service  category  to  group  the  devices  together. 

We  had  some  initial  difficulty  performing  those  tasks 
through  the  Ignition  Dashboard  management  GUI.  The 
software  is  not  intuitive  and  was  confusing  at  times.  After 
working  with  the  product  for  a  while,  we  became  familiar 
with  the  console  and  understood  how  to  get  the  job 


done,  but  it  has  a  bit  of  a  learning  curve. 

Next,  we  set  up  the  user  repositories.  For  testing,  we  used 
Active  Directory  in  conjunction  with  the  onboard  user 
repository  contained  and  administered  on  the  Ignition 
server.  The  configuration  to  communicate  with  Active 
Directory  was  very  straightforward.  We  used  the  wizard 
and  the  simple  Active  Directory  configuration  within 
Ignition,  because  our  Active  Directory  implementation  is 
pretty  standard.  Ignition  also  offers  support  for  SSL-en- 
crypted  communication  with  Active  Directory  which  is 
very  nice  to  see. 

Once  we  had  the  user  repositories  configured,  we  creat¬ 
ed  a  directory  set,  which  groups  disparate  user  stores 


Identity  Engines'  Ignition  Server  is  an  identity  management 
appliance  that  integrates  with  your  existing  directory  stores. 


together.  We  then  created  a  virtual  group,  which  aggre¬ 
gates  groups  across  multiple  directories.  For  testing,  we 
created  a  virtual  group  called  Admin  that  included  the 
Domain  Admin  group  from  Active  Directory  and  an 
Admin  group  we  defined  in  the  Ignition  embedded  user 
store. The  ability  to  consolidate  multiple  user  repositories 
and  devices  into  a  single  point  of  control  is  a  great  feature 
that  could  easily  stand  on  its  own. 

Once  we  had  the  devices  and  repositories  configured, 
we  set  up  our  authentication  policies.  We  started  simply, 
configuring  a  policy  that  said  anyone  trying  to  access  the 
network  from  the  VPN  was  approved.  This  meant  that  if 
you  came  in  through  the  Cisco  Concentrator  or  the 
Fortinet  device  and  you  successfully  authenticated  to 
Active  Directory  or  the  embedded  user  store,  wherever 
your  account  resided, you  were  allowed  access.  We  tested 
valid  and  invalid  accounts,  and  everything  worked  great. 

To  get  a  little  more  complicated, we  set  some  conditions 
on  the  VPN  service  category  We  required  the  user  to  be  in 
a  specific  group  in  Active  Directory  using  the  virtual 
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Identity  Engines 
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Prices  start  at  $19,000  for  single  unit,  $34,000  for 
high  availability. 

Pros:  Quick  setup,  not  overly  complex;  ability  to 
authenticate  across  repositories  with  single 
configuration. 

Cons:  Policy  could  be  more  flexible;  user  interface 
cumbersome  at  times;  not  intuitive,  but 
fairly  easy  once  learned. 


The  Breakdown 


Policy  management  35% 

3.0 

Device  configuration  35% 

3.5 

System  management  15% 

3.0 

Logging/reporting  15% 

3.0 

Total  score 

3.18 

Scoring  Key: 

5:  Exceptional. 

4:  Very  good. 

3:  Average. 

2:  Below  average. 

1:  Subpar  or  not  available. 


group  we  created  previously.  We  tested  multiple  account 
scenarios  based  on  user  store  and  group  membership 
and  everything  worked  as  expected. 

We  would  like  to  see  more  detail  and  flexibility  in  the 
policy  development.  We  were  not  able  to  disable  a  poli¬ 
cy  if  we  removed  it  from  use  temporarily  for  testing.  If  we 
needed  the  policy  again,  we  had  to  delete  it  and  recre¬ 
ate  it  later. 

We  also  were  not  able  to  specify  complex  policy  rela¬ 
tionships.  For  example, we  wanted  to  develop  a  policy  that 
says  if  you  are  in  an  admin  group  or  you  come  through  a 
specific  service  category,  then  access  is  allowed.  In  our 
testing,  we  were  only  able  to  set  an  “and”  policy  that 
required  both  criteria  to  be  met  to  get  access.  We  would 
like  to  create  embedded  policy  statements  or  more  com¬ 
plex  if/then  scenarios  for  policy  application. 

Ignition  also  contains  Ignition  Jumpstart, a  Web-based  sys¬ 
tem  for  managing  guest  access.  We  installed  Jumpstart  and 
configured  it  to  allow  registered  guests  onto  a  specific  vir¬ 
tual  LAN  (VLAN)  on  the  network.  Setting  up  the  Jumpstart 
components  was  straightforward.  Controlling  access  for 
guest  users  followed  the  same  setup  we  tested  for  regular 
users.  In  our  test  configuration, guest  users  were  assigned  to 
a  VLAN  that  allowed  only  Internet  access.  We  could  track 
guest  registrations  and  what  they  tried  to  access  from  the 
network  perspective. 

For  logging,  Ignition  s  primary  focus  is  syslog,  but  files  can 
be  exported  through  FTP/SFTP  to  a  separate  location.  Logs 
are  stored  locally  and  can  be  viewed,  but  no  specific 
reporting  is  available. Some  statistics  are  provided  on  trans¬ 
actions,  such  as  authentication  attempts,  but  graphs  or 
exportable  reports  are  not  included. 

Ignition  is  definitely  worth  a  look  for  any  company  strug¬ 
gling  with  network  access  control.  Ignition  does  not  require 
significant  architecture  changes  and  integrates  easily  into 
existing  environments. While  policy  development  could  be 
expanded  to  allow  for  more  complex  scenarios,  the  current 
functionality  helps  solve  problems  that  many  companies 
do  not  have  an  answer  for. 

Andress  is  president  of  ArcSec  Technologies,  a  security 
company  focusing  on  product  reviews  and  analysis.  She 
can  be  reached  at  mandy@arcsec.com. 
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■  CAREER  DEVELOPMENT  a  PROJECT  MANAGEMENT  ■  BUSINESS  JUSTIFICATION 

Before  you  sign  on  the  dotted  line 

What  to  know  about  the  documents  a  new  employer  may  require  you  to  sign 


BY  DEB  RADCLIFF 

Gone  are  the  days  of  contracts  that 
cover  the  terms  and  conditions  of 
employees’  compensation,  duties, 
length  of  employment,  benefits  and  bases 
for  termination;  and  spell  out  the  rules 
about  noncompete  agreements,  confiden¬ 
tiality,  reimbursement  and  grievances. 


ERIC  MUELLER 


“There’s  always  an  employment 
contract  of  some  kind,  even  if  it’s 
just  ‘come  work  for  me  and  I’ll 
pay  you.’  But  formal,  written  con¬ 
tracts  are  the  exception  rather 
than  the  norm,” says  Robert  Style, 
an  attorney  in  Philadelphia  in 
private  practice  and  general 
counsel  to  the  National  Associa¬ 
tion  of  Personnel  Service. 

Even  in  IT,  employment  con¬ 
tracts  are  rare.The  reason,  say 
recruiters  and  temporary-staffing 
agents,  is  that  all  states  except 
Montana  have  employment  laws 
giving  either  party  the  right  to  ter¬ 
minate  employment  at  will. 

“Employers  are  loath  to  enter 
into  a  contract  employment 
agreement  with  IT  staff,  even  very 
senior-level  management, 
because  it  creates  an  obligation 
on  their  part,”  says  Michael 
Rossman,  director  of  global  IT 
services  and  information  security 


for  spice-maker  McCormick  &  Co. 
in  Hunt  Valley  Md.“Without  a  con¬ 
tract,  benefits  and  provisions  can 
be  changed  at  will  instead  of 
having  to  renegotiate  every  time 
policies  dictate.” 

That  doesn’t  mean  new  hires 
aren’t  signing  documents.Their 
signatures  are  on  an  increasing 
number  of  documents  that  cover 
everything  from  employee  com¬ 
pensation  and  duties,  to  benefits 
agreements,  noncompetes,  ethi¬ 
cal  behavior  (antiharassment 
and  appropriate  use  policies,  for 
example),  reimbursement,  griev¬ 
ances,  and,  most  commonly  con¬ 
fidentiality  and  nondisclosure 
agreements,  Rossman  says.The 
decades-old  spice  recipes  his 
company  makes  for  brand-name 
food  chains  are  a  particularly 
competitive  part  of  its  intellectual 
property  so  employees  are  asked 
to  renew  some  of  their  nondis¬ 


closure  agreements  every  year. 

All  these  types  of  agreements 
have  been  vetted  for  legality  by 
the  employer,  so  there’s  not  much 
room  for  negotiation,  says  Joyce 
Brocaglia,  CEO  of  executive  IT 
security  placement  firm  Alta 
Associates  in  Flemington,  N.Y 
Still, she  strongly  advises  giving 
any  contractual  obligation,  partic¬ 
ularly  any  related  to  noncom¬ 
petes  and  intellectual  property  a 
thorough  review  before  accepting 
an  offer  or  quitting  a  current  job. 

“If  you  read  anything  that 
seems  overly  restrictive,  it’s  always 
best  to  have  an  attorney  who  spe¬ 
cializes  in  employment  law 
review  and  jointly  prepare  sug¬ 
gested  edits  to  the  contract  in 
question,”  she  adds. 

Some  noncompetes  are  overly 
restrictive  because  they’re  so 
broad,  experts  say  For  example,  by 
not  specifying  conditions,  such  an 
agreement  could  prevent  a  soft¬ 
ware  developer  from  ever  writing 
code  again, or  could  exclude  an 
executive  from  working  in  an 
entire  sector,  says  James  Del 
Monte,  president  of  JDA  Profes¬ 
sional  Services,  an  IT  staffing  ser¬ 
vices  agency  in  Houston. 

A  reasonable  noncompete 
would  limit  the  obligation  to  the 
company’s  direct  competitors 
and  for  a  certain  period  of  time, 
Style  says.  With  or  without  a  con¬ 
tract, you  should  be  sure  to  find 
out  under  what  circumstances 
you  can  be  fired,  and  what  activi¬ 
ties  are  restricted  (common  ones 
are  sexual  harassment  and  per¬ 
sonal  use  of  assets),  he  says. 

The  lack  of  discussion  about 
severance  packages  is  due  to  the 
reluctance  of  most  companies  to 
negotiate  such  packages  upfront, 
Brocaglia  says. You’ll  probably  be 
signing  a  severance  document  at 
some  time  in  your  career,  how¬ 
ever,  and  you  should  inspect  the 
language  of  the  agreement  care¬ 
fully  For  example,  according  to 
an  Equal  Employment  Opportu¬ 


nity  Commission’s  suit  against 
Land  O’Lakes  in  September,  the 
company  had  put  in  its  sever¬ 
ance  documents  a  requirement 
that  terminated  employees  waive 
their  rights  to  file  discrimination 
claims  in  exchange  for  severance 
pay 

In  addition  to  noncompetes 
and  confidentiality  agreements, 
lost-compensation  agreements 
are  fairly  common  at  the  execu¬ 
tive  level.“The  most  common 
executive  contracts  that  corpora¬ 


tions  are  willing  to  negotiate 
involve  making  new  executives 
whole  for  money  they  leave  on 
the  table  by  exiting  their  current 
company  Brocaglia  says. 
“Executives  often  receive  contracts 
buying  out  their  stock  and  option 
awards  or  reimbursing  them  for 
bonuses  lost.They  need  to  be  sure 
this  amount  is  calculated  correctly 
and,  preferably  paid  upfront." 

Radcliff  is  a  freelance  writer  She 
can  be  reached  at  deb@raddilf.com. 
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Redmond  vs.  Red  Hat:  Divide  and  conquer 


TOLLY  ON  TECHNOLOGY 

Kevin  Tolly 

As  we  close  out  the  year,  it  is  in¬ 
structive  to  ponder  last  month’s 
pro-Linux  announcement  by 
Microsoft.  It  tells  us  a  lot  about 
how  the  company’s  thinking  is 
evolving  with  respect  to  competi¬ 
tion.  And,  more  importantly  what 
that  might  mean  to  customers  in 
the  coming  year. 

You  have  to  give  Microsoft  cred¬ 
it.  With  one  announcement  the 
company  significantly  under¬ 
mined  the  enterprise  Linux 
movement  while  superficially 


offering  it  support. 

When  the  news  hit,  I  was  travel¬ 
ing  in  Asia  —  but  it  was  signifi¬ 
cant  enough  to  warrant  a  sub¬ 
stantial  story  in  the  International 
Herald  Tribune. 

The  story  “Microsoft  and  Novell 
sign  cooperation  pact  on  Linux”, 
began  by  stating:  “Microsoft  has 
acknowledged  the  influence  of . . . 
Linux.”  It  noted  that  Microsoft 
CEO  Steve  Ballmer  said  Microsoft 
has  been  getting  “pressure”  to 
make  its  operating  system  and 
Linux  “operate  together.” 

The  quick  read  is  that  Microsoft 
caved  in  to  customer  demand. 
What  a  beautiful  thing.  But,  as 
many  analysts  are  pointing  out, 
the  decision  to  support  Linux 
might  do  more  to  discourage  cus¬ 
tomer  migration  than  to  encour¬ 


age  it.  And,  of  course,  that  is  just 
fine  by  Microsoft. 

By  backing  Novell’s  SuSE  Linux, 
the  company  executed  a  classic 
divide  and  conquer  tactic 
against  Red  Hat. 

Think  about  it.  You  want  to 
have  a  Windows  machine  and  a 
Linux  machine  in  the  same  net¬ 
work  operate  together.  They 
communicate  using  standard 
networking  protocols.  They 
already  operate  together  and 
did  so  prior  to  the  announce¬ 
ment.  Operation  is  really  just  co¬ 
existence  and  that  is  about  as 
complicated  as  you  and  I  taking 
an  elevator  together.  There  is 
nothing  special  we  have  to  do 
—  we  just  coexist  there  until  we 
get  to  our  respective  floors. 

This  is  cover  for  the  key  news, 


which  is  that  Microsoft  and 
Novell  have  worked  out  agree¬ 
ments  regarding  intellectual 
property  rights.  With  its  magic 
wand,  Microsoft  has  created  a 
lawsuit-free  version  of  Linux 
while  simultaneously  reminding 
everyone  that  every  other  version 
of  Linux  is  a  potential  target.  And 
the  three-year  exclusive  deal  with 
Novell  is  going  to  undermine  the 
other  leading  players. 

If  you  think  this  won’t  happen,  it 
is  instructive  to  check  out  Wiki¬ 
pedia  on  SCO  Group’s  lawsuit 
warpath  (see  www.nwdocfinder. 
com/6522).  The  company  is  not 
only  going  after  IBM  and  Red  Hat; 
it  has  been  in  litigation  with 
DaimlerChrysler  for  some  time. 

As  someone  who  has  been 
involved  in  corporate  IT  buying 


for  a  quarter  of  a  century  it  is  in¬ 
grained  in  my  psyche  that  1 
should  look  for  the  technology 
that  will  provide  the  maximum 
benefit  to  my  company  That  is  no 
longer  the  case. 

Unfortunately,  buyers  now 
must  think  about  the  fact  that 
the  solution  they  purchase 
might  cause  them  to  become  a 
target  in  a  lawsuit. 

If  this  causes  buyers  to  be 
attracted  by  the  solution  least  like¬ 
ly  to  cause  harm  rather  than  those 
that  can  do  them  the  most  good, 
that  will  be  a  sad  day  indeed. 

Tolly  is  president  of  The  Tolly 
Group,  a  strategic  consulting  and 
independent  testing  company  in 
Boca  Raton,  Fla.  He  can  be 
reached  at  ktolly@tolly.com. 


Cisco  software  challenges 

Cisco  has  identified  the  problems  with  its  IOS  routeroperating 
system  and  other  network  software,  and  proposed  a  five-year 


plan  to  make  things  better. 

Challenge 

Strategy 

Cisco’s  IOS  software  is  tied  closely 
with  hardware,  making  it  hard  to 
upgrade  and  manage. 

IOS  will  be  decoupled  from  hardware,  with 
individual  services  running  more  like  virtualized 
services. 

Blades  running  specific  services  or 
applications  take  up  room  in  a  chassis 
and  are  difficult  to  deploy  quickly. 

Servers  could  be  virtualized  across  a  router 
or  switch  chassis,  similar  to  virtualized  server 
operating  systems  running  separately  on 
one  server  hardware  platform. 

Cisco 

continued  from  page  1 

more  flexibility  to  allow  cus¬ 
tomers  to  purchase  software 
and  to  deploy  it,  according  to 
their  terms.” 

IOS  upgrades  require  a  reinstall 
of  the  new  software  image  on  the 
router  or  switch  —  which  causes 
downtime  —  or,  “we  say,  not  a 
problem,  UPS  will  arrive  soon, 
here’s  another  blade”  to  run  your 
new  service  or  application,  Metz- 
ler  said. “This  adds  months  to  the 
deployment  cycle,  which  is  not 
good  for  customers  or  Cisco’s 
business.” 

Because  IOS  code  releases  are 
a  superset  of  features  in  previous 
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versions,  Metzler  added,  users 
must  also  go  through  lengthy  test¬ 
ing  processes  to  ensure  new  fea¬ 
tures  don’t  interfere  with  existing 
network  services.The  most  recent 
IOS  release,  for  example 
(12.4(1 1)T), has  31  new  features 
ranging  from  intrusion-preven¬ 
tion  system  (IPS)  and  VPN  up¬ 
grades,  to  VoIP  Border  Gateway 
Protocol,  load-balancing  and 
VoiceXML  features. 

“What’s  going  to  happen?  What 
else  was  in  this  software  image 
that  1  just  loaded?”  are  common 
questions  when  upgrading  IOS, 
Metzler  said.  “It’s  not  a  natural, 
graceful  way  to  go  through  a  soft¬ 
ware  upgrade.” 

The  evolution  of  Cisco’s  soft- 
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ware  model  was  first  mentioned 
by  CEO  John  Chambers  in  June  at 
the  company’s  North  American 
customer  event. 

“More  than  half  of  our  engineers 
are  software  engineers,  yet  we  sell 
[software]  like  a  hardware  prod¬ 
uct,”  Chambers  said. 

The  first  phase  of  how  this  will 
play  out  involves  an  a  la  carte 
model  for  buying  features  and  ser¬ 
vices  embedded  in  IOS  code. 
Metzler  did  not  give  a  timetable, 
but  hinted  this  would  happen 
over  the  next  five  years. 

Besides  breaking  IOS  software 
away  from  hardware,  users  should 
also  expect  IOS  code  to  run  in  a 
more  modularized  way 

“We’ve  always  built  lots  of  ser¬ 
vices,  integrated  them  into  IOS, 
but  they’re  not  isolated  from  one 
another,”  Metzler  said.  “If  one  of 
them  crashes, you  have  a  problem 
with  everything  running  there. 
Using  virtualization  techniques, 
you  can  isolate  the  services,  so 
that  if  one  of  them  has  a  problem, 
it  doesn’t  impact  the  other  ones.” 

Loading  services  onto  routers 
this  way  will  also  allow  for  more 
centralized  deployment  and  man¬ 
agement.  Some  operational  costs 
could  be  reduced  or  eliminated. 

Features  and  services  in  IOS  — 
such  as  security,  VoIP  or  manage¬ 
ment  —  would  run  as  loadable 
modules  on  top  of  an  IOS  kernel, 
letting  users  turn  features  on  and 
off  without  bringing  down  a 
router.  Also,  services  that  run  on 
hardware  modules,  such  as  IPS 
blades  orVPN  modules  for  routers 


Services  running  in  IOS  are  tightly 
bundled,  which  sometimes  forces  users 
to  run  code  with  extra  modules  and 
services  that  are  not  used. 


and  switches,  would  run  as  virtu¬ 
alized  services  across  Linux- 
based  processor  blades  inside  a 
router  or  switch  chassis.  This 
would  let  users  allocate  network 
processing  to  applications  with 
more  control  while  maximizing 
network  gear’s  processing  power. 

“If  you  look  at  all  the  appliances 
or  special-purpose  blades  [cus¬ 
tomers]  may  buy  from  us,  they’re 
all  [probably]  humming  along  at 
around  20%  utilization,”  Metzler 
said.  Users  should  expect  to  see 
information  on  these  new 
changes  over  the  next  year  or  so. 

The  shift  may  also  force  users  to 
upgrade  to  newer  Cisco  hardware 
platforms. 

“Some  of  the  hardware  we  sell 
today  will  be  capable  through  a 
new  software  load  of  participating 
in  this,”  he  says.“Some  of  the  hard- 


While  breaking  108  away  from  hardware, 

Cisco  also  plans  to  separate  out  the  various 
services  running  in  IOS,  letting  users  choose 
and  activate  only  what  they  need. 

ware  we  sell  today  will  not.” 

This  kind  of  shakeup  could  have 
positive  and  negative  effects  for 
enterprises,  says  Karl  Rosander,  IT 
manager  for  the  city  of  Sacra¬ 
mento,  Calif.,  which  has  Cisco 
routers  and  switches  deployed 
across  all  city  buildings. 

“This  could  be  an  advantage 
in  how  fast  1  implement  new  ser¬ 
vices  on  routers  across  our  en¬ 
tire  network, ’’Rosander  says. 
“From  an  engineer’s  perspec¬ 
tive,  this  might  cause  confusion 
for  engineers  who  have  studied” 
how  IOS  works  and  are  certified 
in  managing  the  existing  tech¬ 
nology  structure. 

From  an  overall  operations  per¬ 
spective,  the  ability  to  dynamically 
upgrade  routers  with  new  security 
features,  for  example,  would  be 
invaluable,  he  says.  R 
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BACKSPIN 


Mark  Gibbs 


I  am  not  dreaming  of  a 
white  Christmas.  I  do  not 
want  my  two  front  teeth, 
and  I  do  not  want  to  walk 
in  a  winter  wonderland. 

“Why  should  that  be?“  you  may  ask.“Why  would  the  sea¬ 
son  of  peace  on  earth  and  goodwill  to  all  men  not  suck 
you  in  and  spit  you  out  covered  in  tinsel  and  bonhomie?11 

Let  me  count  the  ways  . . . 

1  have  lots  of  important  stuff  to  get  done  (1)  and  with 
Christmas  just  around  the  corner  (2)  there’s  not  much 
time  to  get  it  done  (3), so  anything  that  slows  me  down  is 
just  a  pain  in  the  festive  tush  (4). 

Why  do  the  voices  that  prompt  you  in  voice  mail  (5) 
speak  so  laboriously  (6)?  I’m  sure  that  anyone  on  lithium 
has  a  fine  time  with  these  systems,  but  for  us  very  busy 
people  this  is  enough  to  turn  us  into  raving  lunatics. 

Come  on,  come  on,  what  time  was  the  darn  message 
sent  (couldn’t  they  tell  you  that  before  replaying  the  mes¬ 
sage  (7)?).  Is  it  a  five  for  the  envelope  details  or  a  six  (8)  . . . 
I’ll  press  six.“You  . . .  have  . . .  pressed  ...  an  invalid  . . . 
key(9).  Press  zero  ...  to  return  ...  to  the  main  menu.” 

%*&$!.  Sounds  like  William  Shatner  on  valium. 

Then  I  had  a  call  to  make.  How  come  some  companies 
have  no  operator  (10)  but  their  interactive  voice  response 
system  implies  that  one  could  be  available  (1  l).“Enter  the 


50  unfestive  things 
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extension  you  want  or  hit  zero  for  assistance” . . .  (you 
enter  zero)  . . .  “Hi. This  is  Betty  in  accounts,  please  leave 
your... ”(12). 

Better  yet, “Enter  the  extension  you  want  or  hit  zero  for 
assistance” . . .  (you  enter  zero)  . .  .“Enter  the  extension  you 
want  at  any  time  otherwise  hit  zero  . . .”  (13). 

The  best?  “Enter  the  extension  you  want  at  any  time,  oth¬ 
erwise  hit  zero  for  assistance” ...  (you  enter  zero)  ... 
“Sorry  that  isn’t  a  valid  extension.  Goodbye”  (14). 

Another  call  to  make.“Please  wait.”There’s  music  on 
hold  (15). Why  can’t  I  press  some  key  to  switch  it  off  (16)? 
Is  that  too  much  to  ask?  Being  on  hold  is  bad  enough,  but 
being  on  hold  and  having  to  listen  to  family  Christmas 
favorites  (17)  played  by  the  Boston  Pops  (18)  for  20  min¬ 
utes  (19)  is  worse  than  dentistry  without  Novocain. 

I  finish  my  calls  and  now  I’m  out  running  errands.  My 
cell  phone  drops  calls  (20). We  were  with  Cingular,  which 
claims  the  lowest  number  of  dropped  calls.  Not  in  my  uni¬ 
verse  (21).  Now  we  are  with  T-Mobile. Is T-Mobile  better?  I 
think  so  —  when  you  can  get  a  signal  (22). 

Back  to  the  office,  and  we  have  everybody’s  favorite  to 
deal  with:  Winrot  (23).  For  the  second  time  this  year  my 
main  Windows  PC  is  showing  all  the  signs  of  needing  a 
complete  operating  system  (24)  and  applications  rebuild 
(25).  I  sit  down  and  find  that  CCAPPthe  Symantec  anti¬ 
virus  user  session  service,  is  permanently  hogging  more 


than  80%  of  the  processor  (26).  Nothing  else  is  getting 
anywhere  (27).  Kill  CCAPP?  Can’t  do  it  (28),  it  runs  pro¬ 
tected.  Reboot  (29). 

Oh,  now  my  G5  Mac  running  OS  X  is  acting  up  (30). 
Again  (31).  Every  now  and  then  the  cinema  display 
blanks  for  no  reason  (32),  then  turns  back  on  (33),  then 
blanks  (34) ,  then  . . .  (35) .  Everything  is  up  to  date,  no  faults 
detected, no  clues  at  all  (36). 

OK,  Windows  rebooted  —  why  does  it  take  so  long  (37)? 
No!  Outlook  crashed  (38).  Great, start  it  up  again  and  now 
it  has  to  check  its  message  store  (39), which  will  take  at 
least  10  minutes  (40),  which  I  haven’t  got  (41),  because  1 
am  busy  busy  busy  (42)! 

Oh  great,  Outlook  is  retrieving  a  couple  hundred  mes¬ 
sages.  What  a  surprise!  I  have  more  newsletters  I  didn’t 
subscribe  to  (43)  and  don’t  want  (44).  Loads  of  penny 
stock  spam  (45).  Lots  of  e-mail  addressed  to  “Fernando 
Hitsman”  (46),  and  still  more  that  start  with  phrases  such 
as  “Dearest  One  /  With  respect  and  humanity!  decided  to 
send  this  proposal  to  you  . . .”  (47). 

That’s  it!  I’m  not  going  to  get  anything  done  so  I  might  as 
well  give  up  (48)  and  enjoy  Christmas,  because  once  its 
over  I’m  going  to  be  dealing  with  this  mess  all  over  again 
(49).  Merry  Christmas  (50). 

Bah  humbug  to  backspin@gibbs.com. 


ET 


News,  insights  and  oddities 


U.S.  Postal  Service  delivers  holiday . . .  spam? 


Paul  McNamara 


The  U.S.  Postal  Service  is  promoting  its  online  Click- 
N-Ship  product  by  sending  spam  to  customers  —  in 
apparent  violation  of  its  loophole-ridden  privacy  policy 
and  certainly  the  spirit  of  federal  law  —  according  to  a  pair  of  antispam  activists  who 
say  they  have  received  the  unsolicited  e-mail. 

John  Levine,  a  consultant,  author  and  holder  of  leadership  positions  in  various  anti¬ 
spam  organizations,  reports  on  his  blog:  “The  message  did  not  have  the  postal  mailing 
address  of  the  sender  (pretty  ironic,  huh?)  nor  opt-out  instructions,  both  of  which  are 
mandatory  under  CAN  SPAM.  Did  the  USPS  break  the  law?” 

Paul  Hoffman,  director  of  the  VPN  Consortium  and  an  IETF  regular,  says  he  received 
the  same  spam.  “Regardless  of  whether  or  not  it  was  legal,  it  is  bad  business,  and  it 
turns  off  orders  of  magnitude  more  customers  than  it  attracts,”  he  says.  "Whoever  at 
USPS  organized  this  mailing  should  be  summarily  fired." 

The  Postal  Service  has  yet  to  return  my  phone  call  asking  for  comment,  but  here's 
what  its  Web  site  says  about  privacy:  “If  you  are  a  consumer,  we  use  an  opt-in  stan¬ 
dard.  If  you  have  provided  personal  information  to  register  for  or  purchase  a  product  or 
service,  we  will  not  use  that  information  to  contact  you  in  the  future  about  another  pro¬ 
duct  or  service  unless  you  have  provided  express  consent. ...  If  you  are  a  business,  we 
use  an  opt-out  standard. 

Hoffman  says  he  used  a  personal  e-mail  address. 

Lumps  of  coal  all  around  for  those  responsible. 

Better  than  a  dating  service  for  the  single  IT  guy? 

Subject  line  of  the  e-mail  in  my  in-box:  Special  membership  offer  from  WITI. 

The  acronym  didn't  register  immediately,  so  I  opened  it  up  to  take  a  look: 

"Dear  Paul:  When  I  started  WITI  in  1989,  I  had  four  objectives:  1.  Advancing  women 
by  providing  direct  access  to  a  global  network  of  professional,  tech-savvy  women  com¬ 
mitted  to  collaboration,  not  competition;  2.Transforming  corporate  environments  to 


level  the  playing  field  for  women;  3.  Increasing  the  number  of  women  at  top  executive 
levels;  and,  4.  Encouraging  girls  to  select  careers  in  technology." 

Admirable  goals  all  —  but,  me?  A  member  of  Women  inTechnology  International? 

Perhaps  there  was  some  mistake;  maybe  the  e-mail  was  intended  for  a  Paula 
McNamara,  not  Paul  (it’s  happened). 

The  e-mail  continues:  “WITI  is  totally  committed  to  helping  you  succeed  at  every 
level. . .  .The  only  thing  we  ask  of  you  is  to  show  up.  We  offer  a  supportive,  woman-rich 
environment  to  help  you  break  through  to  the  next  level.” 

So  I  went  to  the  organization's  Web  site  looking  for  a  sign  that  men  are  indeed  wel¬ 
come,  and  while  it  took  some  searching,  there  it  was  buried  deep  within  the  About  WITI 
section  underWITI  demographics. 

Gender  Breakdown:  Female:  94.2%;  Male:  5.8%. 

First  thought:  Yes,  men  can  join.  Second  thought:They  aren’t  kidding  about  the 
“woman-rich  environment”  —  that’s  just  shy  of  20-to-1  one  by  my  reckoning. 

It  gets  better,  at  least  if  you’re  the  type  of  man  who  enjoys  interacting  with  smart, 
successful  women  in  both  professional  and  perhaps  personal  settings:  four  in  10  WITI 
members  hold  advanced  educational  degrees,  about  half  own  their  own  businesses  or 
hold  executive  positions  . . .  and  an  equal  number  earn  six-figure  salaries. 

Now  I  know  what  some  of  you  are  thinking:  How  dare  this  cad  turn  something  as  seri¬ 
ous  and  important  as  WITI  into  just  another  excuse  to  make  advances? 

Try  not  to  judge  me  so  harshly.  For  one  thing,  I’m  a  happily  married  father  of  three 
who’s  not  joining  anything  any  time  soon  except  maybe  the  PTA.  And  1  am  quite  cer¬ 
tain  that  the  5.8%  of  the  WITI  membership  that  is  male  had  nothing  but  the  purest  of 
professional  motivations  for  joining. 

I'm  just  saying  ...  if  you’re  a  single  IT  guy  . . .  and  you’re  looking  for  a  professional 
organization  to  join  to  round  out  the  resume  . . .  you  could  do  a  lot  worse. 

Other  invites  to  buzz@nww.  com. 


.INFRASTRUCTURE  LOG 


_DAY  27:  These  compliance  regulations  are  killing 
us!  Audits.  Inconsistencies.  Processes.  Time.  Money. 

I  feel  like  l’m  being  chased  by  regulators. 

_0h,  wait.  I  am  being  chased  by  regulators.  Run!!!!! 

_DAY  28:  I’ve  got  it:  IBM  Tivoli  middleware.  It  automates 
system  administration  to  standardize  compliance 
policies.  It  centralizes  processes  to  minimize  the 
headaches  of  new  and  ever-changing  regulations. 

And  it  helps  pinpoint  security  issues  before  they 
become  problems  and  maintains  business  integrity. 

_Gil  is  bummed  we  had  to  ditch  the  high-carb  diet. 


Better  manage  the  business  of  I  T.  at: 

IBM.COM/TAKEBACKCONTROL/COMPLIANCE 


the  United  States  and/or  other  countries.  ©2006  IBM  Corporation.  All  rights  reserved. 
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_DAY  35:  Whoa!  Came  in  today  and  found  a  black  hole. 
Information  goes  in  but  doesn’t  come  out.  This  is  bad. 

_DAY  36:  The  black  hole  just  sucked  in  three  interns. 
HR  is  not  pleased. 

_DAY  38:  I’ve  taken  back  control  with  IBM  Information 
Management  middleware.  It’s  built  on  open  standards. 
Totally  scalable.  Seamlessly  unites  all  our  critical 
information,  whatever  its  source.  Now  our  info  has 
real  business  value  that  can  help  spur  growth. 


_We  got  everything  back  from  the  black  hole.  Except 
the  interns. 


Information  Management 
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See  innovative  IBM  Info  Management  solutions  in  action: 

IBM.COM/TAKEBACKCONTROL/INFOMGMT 
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